Last updated: August 20, 2019.
These Terms and Conditions ("Terms", "Terms and Conditions") govern your relationship with engage.zubi.ai website (the "Service") operated by Zubilabs AB ("us", "we", or "our", "Processor").
Please read these Terms and Conditions carefully before using the Service.
Your access to and use of the Service is conditioned on your acceptance of and compliance with these Terms. These Terms apply to all visitors, users and others who access or use the Service.
By accessing or using the Service you agree to be bound by these Terms and to the "data processing agreement" in appendix 1 where Zubilabs AB is referred to as the "Processor" and you as the "Controller" . If you disagree with any part of the terms then you may not access the Service.
Some parts of the Service are billed on a subscription basis ("Subscription(s)"). You will be billed in advance on a recurring and periodic basis ("Billing Cycle"). Billing cycles are set either on a monthly or annual basis, depending on the type of subscription plan you select when purchasing a Subscription.
At the end of each Billing Cycle, your Subscription will automatically renew under the exact same conditions unless you cancel it or Zubilabs AB cancels it. You may cancel your Subscription renewal either through your online account management page or by contacting Zubilabs AB customer support team.
A valid payment method, including credit card, is required to process the payment for your Subscription. You shall provide Zubilabs AB with accurate and complete billing information including full name, address, state, zip code, telephone number, and a valid payment method information. By submitting such payment information, you automatically authorize Zubilabs AB to charge all Subscription fees incurred through your account to any such payment instruments.
Should automatic billing fail to occur for any reason, Zubilabs AB will issue an electronic invoice indicating that you must proceed manually, within a certain deadline date, with the full payment corresponding to the billing period as indicated on the invoice.
Zubilabs AB may, at its sole discretion, offer a Subscription with a free trial for a limited period of time ("Free Trial").
You may be required to enter your billing information in order to sign up for the Free Trial.
If you do enter your billing information when signing up for the Free Trial, you will not be charged by Zubilabs AB until the Free Trial has expired. On the last day of the Free Trial period, unless you cancelled your Subscription, you will be automatically charged the applicable Subscription fees for the type of Subscription you have selected.
At any time and without notice, Zubilabs AB reserves the right to (i) modify the terms and conditions of the Free Trial offer, or (ii) cancel such Free Trial offer.
Zubilabs AB, in its sole discretion and at any time, may modify the Subscription fees for the Subscriptions. Any Subscription fee change will become effective at the end of the then-current Billing Cycle.
Zubilabs AB will provide you with a reasonable prior notice of any change in Subscription fees to give you an opportunity to terminate your Subscription before such change becomes effective.
Your continued use of the Service after the Subscription fee change comes into effect constitutes your agreement to pay the modified Subscription fee amount.
Certain refund requests for Subscriptions may be considered by Zubilabs AB on a case-by-case basis and granted in sole discretion of Zubilabs AB.
When you create an account with us, you must provide us information that is accurate, complete, and current at all times. Failure to do so constitutes a breach of the Terms, which may result in immediate termination of your account on our Service.
You are responsible for safeguarding the password that you use to access the Service and for any activities or actions under your password, whether your password is with our Service or a third-party service.
You agree not to disclose your password to any third party. You must notify us immediately upon becoming aware of any breach of security or unauthorized use of your account.
The Service and its original content, features and functionality are and will remain the exclusive property of Zubilabs AB and its licensors. The Service is protected by copyright, trademark, and other laws of both the Sweden and foreign countries. Our trademarks and trade dress may not be used in connection with any product or service without the prior written consent of Zubilabs AB.
Links To Other Web Sites
Our Service may contain links to third-party web sites or services that are not owned or controlled by Zubilabs AB.
Zubilabs AB has no control over, and assumes no responsibility for, the content, privacy policies, or practices of any third party web sites or services. You further acknowledge and agree that Zubilabs AB shall not be responsible or liable, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with use of or reliance on any such content, goods or services available on or through any such web sites or services.
We strongly advise you to read the terms and conditions and privacy policies of any third-party web sites or services that you visit.
We may terminate or suspend your account immediately, without prior notice or liability, for any reason whatsoever, including without limitation if you breach the Terms.
Upon termination, your right to use the Service will immediately cease. If you wish to terminate your account, you may simply discontinue using the Service.
Limitation Of Liability
In no event shall Zubilabs AB, nor its directors, employees, partners, agents, suppliers, or affiliates, be liable for any indirect, incidental, special, consequential or punitive damages, including without limitation, loss of profits, data, use, goodwill, or other intangible losses, resulting from (i) your access to or use of or inability to access or use the Service; (ii) any conduct or content of any third party on the Service; (iii) any content obtained from the Service; and (iv) unauthorized access, use or alteration of your transmissions or content, whether based on warranty, contract, tort (including negligence) or any other legal theory, whether or not we have been informed of the possibility of such damage, and even if a remedy set forth herein is found to have failed of its essential purpose.
Your use of the Service is at your sole risk. The Service is provided on an "AS IS" and "AS AVAILABLE" basis. The Service is provided without warranties of any kind, whether express or implied, including, but not limited to, implied warranties of merchantability, fitness for a particular purpose, non-infringement or course of performance.
Zubilabs AB its subsidiaries, affiliates, and its licensors do not warrant that a) the Service will function uninterrupted, secure or available at any particular time or location; b) any errors or defects will be corrected; c) the Service is free of viruses or other harmful components; or d) the results of using the Service will meet your requirements.
These Terms shall be governed and construed in accordance with the laws of Sweden, without regard to its conflict of law provisions.
Our failure to enforce any right or provision of these Terms will not be considered a waiver of those rights. If any provision of these Terms is held to be invalid or unenforceable by a court, the remaining provisions of these Terms will remain in effect. These Terms constitute the entire agreement between us regarding our Service, and supersede and replace any prior agreements we might have between us regarding the Service.
We reserve the right, at our sole discretion, to modify or replace these Terms at any time. If a revision is material we will try to provide at least 30 days notice prior to any new terms taking effect. What constitutes a material change will be determined at our sole discretion.
By continuing to access or use our Service after those revisions become effective, you agree to be bound by the revised terms. If you do not agree to the new terms, please stop using the Service.
If you have any questions about these Terms, please contact us.
DATA PROCESSING AGREEMENT
This Data Processing Agreement (the ”Agreement”) is between
Zubilab AB, registration number 5591587117, Carl Westmans Allé 10C, 254 51 Helsingborg, Sweden (“Processor”); and
The company that is the user of the service (“Controller”).
Hereinafter referred to as ”Party” or jointly as ”Parties”.
The Parties have an ongoing cooperation regarding data analytics, during which the Processor is Processing Personal Data on behalf of the Controller, who determines the purpose and means of the Processing, as set forth in Appendix 1.1.
With regard to the Processing of Personal Data in section 1.1 the Parties are entering into this Agreement in order to regulate the rights and obligations of the Controller in its role as Controller and the rights and obligations of the Processer in its role as Processor.
All of the following terms in this Agreement shall have the meanings given to them below:
”Processing” means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means (such as collecting, recording, organising, structuring, storage, adaption or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction).
”GDPR” means the General Data Protection Regulation, EU 2016/679. ”Personal Data” means any information relating to an identified or an identifiable natural person (where an identifiable natural person is one who can be identified directly or indirectly).
”Data Subject” means the natural person whose Personal Data is being Processed.
”Applicable Data Protection Law” means all national or international data laws, statutes and regulations applicable to the Processing of the Personal Data that is the subject matter of this Agreement, including the GDPR and any national legislation regarding Data Protection.
”Sub-Processor” means a third party that the Processor engages who Processes Personal Data on behalf of the Controller.
THE RESPONSIBILITIES OF THE CONTROLLER
The Controller shall ensure that the Processing of Personal Data follows Applicable Data Protection Laws and shall, when needed, obtain consent from Data Subjects and ensure that Data Subjects are informed in accordance with Applicable Data Laws of the Processing. The Controller shall further ensure that the Personal Data which the Processor Processes on behalf of the Controller is necessary in order to fulfill the purpose and means of the Main Agreement.
THE RESPONSIBILITIES OF THE PROCESSOR
The Processor, or those who are employed by the Processor or any other legal or natural person whom the Processor authorizes to Processes Personal Data, shall only be allowed to Process Personal Data in accordance with the Controller’s documented instructions, Applicable Data Protection Laws and for the purposes necessary to fulfill the Main Agreement. In the case that the Controller has not given any instructions, or the Controller’s instructions are inadequate, incorrect or non-compliant with Applicable Data Protection Laws, the Processor shall inform the Controller about this without undue delay and await the Controller’s further instructions.
If the Processor or the Sub-Processor (if applicable) is required by union law or national law, to which the Processor, or Sub-Processor is subject, to Process Personal Data outside the scope of this Agreement, the Processor shall inform the Controller of such Processing before it is performed, unless such information is prohibited by law due to a public interest.
The Processor shall assist the Controller in ensuring compliance with its obligations pursuant to Applicable Data Protection Laws. This includes, but is not limited to, the Controller’s obligation to respond to requests from Data Subjects who wants to exercise their rights of access, ratification, erasure, restriction, objection and/or data portability.
If a Data Subject, third party or authorised public authority requests information from the Processor about the Processing of Personal Data under this Agreement the Processor shall, without undue delay, notify the Controller about such a request.
The Processor shall, at the Controller’s request and depending on the Processing that the Processor performs under this Agreement and the information that is available to the Processor, assist the Controller in ensuring compliance with the obligations pursuant to articles 32-36 GDPR.
The Processor shall at the Controller’s request make available to the Controller all information necessary to demonstrate compliance with the obligations laid down in this Agreement and in Applicable Data Protection Laws, as well as contribute to audits and inspections. The Parties shall hold their own expenses for such audits and inspections.
The Processor shall be allowed to engage a Sub-Processor if the Processor informs the Controller about the addition or replacement of a Sub-Processor at least thirty (30) days in advance in order to give the Controller an opportunity to object to such changes. The Controller may make objections based on reasonable grounds relating to the Processing of Personal Data.
The Processor shall enter into an agreement with all Sub-Processors which stipulates and imposes, at a minimum, the same obligations and requirements as set forth in this Agreement. The Controller approves of the Sub-Processors listed in Appendix 1.2 when entering into this Agreement.
The Processor shall remain fully liable to the Controller for the performance of the Sub-Processors if the Sub-Processor fails to fulfill its data protection obligations. TRANSFER TO THIRD COUNTRIES The Processor shall not transfer or allow access to any Personal Data to any third countries outside the EEA without a prior written approval from the Controller, unless the Processor is required to perform such a transfer by union law or national law to which the Processor is subject. In such a case the Processor shall inform the Controller of that legal requirement before Processing, unless the Processor is prohibited by law on grounds of public interest to provide such information to the Controller.
If Personal Data is Processed outside the EEA, the Processor shall always comply with the applicable requirements for such a transfer in accordance with Applicable Data Protection Laws.
TECHNICAL AND ORGANISATIONAL MEASURES AND CONFIDENTIALITY
The Processor shall, taking into account the nature of the Personal Data and the risk of a personal data breach, take all technical and organisational measures required pursuant to article 32 GDPR.
The Processor shall keep any Personal Data that is being Processed on behalf of the Controller confidential, unless the Processor is required to share information in accordance with the decision of a public authority or Applicable Data Protection Law. The Processor shall also ensure that any person that it authorises to Process Personal Data is subject to confidentiality under this Agreement. [This undertaking of confidentiality shall remain in force without limitation in time.]
PERSONAL DATA BREACH
Upon becoming aware of a personal data breach, the Processor shall notify the Controller of the breach without undue delay and assist the Controller in ensuring compliance with article 33.
TERMINATION OF THE AGREEMENT
The obligations laid down in this Agreement shall be applicable from the signing of this Agreement and long as the Processor is Processing Personal Data on behalf of the Controller in accordance with the Main Agreement.
Either Party have a right to terminate this Agreement with immediate effect if the other Party substantially breaches this Agreement and does not rectify such a breach within fifteen (15) days after having received a written notice of such rectification.
In case of a breach of this Agreement or Applicable Data Protection Laws, the Parties’ liability shall follow what is stipulated in Applicable Data Protection Laws.
DELETION OR RETURN OF DATA
Upon termination or expiry of this Agreement, the Processor shall, at the choice of the Controller, delete or return all the Personal Data that has been Processed under this Agreement within ninety (90) days after its expiration, unless union law or national law require further storage of the Personal data.
With exception for the Controller’s right to make amendments to the instructions in Appendix 1.1 in order to fulfil Applicable Data Protection Laws, any amendments to or modifications of this Agreement must be in writing and be duly signed by both Parties.
If this Agreement and any other agreement between the Parties contain contradicting regulations, this Agreement shall hold precedence to any other agreement.
Any dispute, controversy or claim arising out of or in connection with this Agreement shall be settled in accordance with what is stipulated in the Main Agreement.
If such a regulation is missing from the Main Agreement, any dispute, controversy or claim arising out of or in connection with this contract, or the breach, termination or invalidity thereof, shall be finally settled by arbitration in accordance with the Arbitration Rules of the Arbitration Institute of the Stockholm Chamber of Commerce. The seat of arbitration shall be Helsingborg, Sweden and the language to be used in the arbitral proceedings shall be English. This contract shall be governed by the substantive law of Sweden.
APPENDIX 1.1 – INSTRUCTIONS FOR PROCESSING
Stated below are the purposes, means, categories of Personal Data, instructions and safety measures which the Processor and Sub-Processors shall follow when they are Processing Personal Data on behalf of the Controller.
Purpose List for what purposes and means the Personal Data shall be Processed by the Processor on behalf of the Controller, such as Start-up, System check-ups etc.
Categories of Data Subjects List what categories of Data Subjects that the Processor will Process Personal Data on, such as Employees, Customers etc.
Categories of Personal Data List what categories of Personal Data that will be Processed by the Processor, such as Name, Postal Address, Employee numbers, Telephone numbers etc.
Processing List what type of Processing that will be performed by the Processor such as, Start-ups, Deletion, Transfers etc.
Geographical location for Processing of Personal Data List all geographical locations where Personal Data will be Processed by the Processor and clearly mark if the geographical location is a country outside the EU or the EES.
The Parties have agreed upon that the Processor shall implement and follow the following safety measures:
Access, authorization and logs Personal Data shall only be Processed by authorized persons. Authorization shall be limited to those who specifically need access to the Personal Data in order to achieve the permitted purpose, this Agreement and Applicable Data Law. User names and passwords shall be personal and not shared or transferred to other persons. If needed, with regard to the sensitivity of the Personal Data that is being Processed, access to Personal Data shall also be logged.
Transfer of data The Processor shall, upon transferral by electronic means, and especially upon use of open networks or under transportation, ensure that the Personal Data cannot be read, copied, modified or erased by unauthorized persons. Personal Data transferred outside premises controlled by the Processor shall be protected by virtually private networks or encryption.
Service and repairs Service and repairs which are performed by anyone except the Processor shall follow the confidentiality and adequate safety measures set out in this Agreement.
Storage and deletion The Processor shall take the following measures in order to ensure sure that Personal Data is protected from accidental deletion and to ensure Personal Data is deleted, destroyed or stored in such a way that it can no longer be recreated when the Processing of Personal Data is terminated:
APPENDIX 1.2 – APPROVED SUB-PROCESSORS
- Company and registration number: Google Ireland Limited, 368047
- Geographical location: European Union
- Task/Processing: Storage & Computing (Google Cloud Platform)
- Transfer to third countries and safety mechanisms: Data centers in Finland, Belgium, Netherlands, Germany and UK (Within EU/EEA)