CLOUD COMPUTING AGREEMENT
Data Processing and Security Terms
These Data Processing and Security Terms (these “Terms”) reflect the parties’ agreement with respect to the processing of End User Data under the hereO Cloud Computing and Service Agreement between End User and KGPS Ltd. (including its affiliates, if applicable) (the “Cloud Computing Agreement” and “hereO“, respectively)
2.1 In these Terms:
- “Content” means any information provided or generated by the End User or End User in the context of the provision of the Services.
- “Data Incident“s means any unlawful or unauthorized destruction, loss, alteration, access, use, or disclosure of End User Personal Data or Watch Holder Personal Data that compromises the security, privacy, or confidentiality of that End User Personal Data or Watch Holder Personal Data.
- “End User“, “you“, “your” and other derivatives mean a parent, a legal guardian or otherwise an authorized adult that has subscribed to the Service to track the Watch Holder.
- “End User Data” means any data provided by the End User in the context of the provision of the Services.
- End User Personal Data” means any information relating to the End User processed in the context of the provision of the Services.
- “Services” means the cloud based service pursuant to the Cloud Computing Agreement that provides location results, that enables parents to keep track of their young children whereabouts directly on their smartphone via a specifically downloadable application.
- “Sub-processors” means the Third Party Suppliers.
- “Third Party Request” means a request from a third party for records relating to End User’s use or Watch Holder’s use of the Services. Third Party Requests can be a lawful search warrant, court order, subpoena, other valid legal order, or written consent from the Watch Holder permitting the disclosure.
- “Third Party Suppliers” means the third party suppliers engaged by HereO for the purposes of processing End User Personal Data and Watch Holder Personal Data in the context of the provision of the Services.
- “Watch Holder” means any child or another person or other holder to which an End User has given the HereO Product to keep track of its movements.
- “Watch Holder Data” means any data provided by the Watch Holder in the context of the provision of the Services.
- “Watch Holder Personal Data” means any information relating to the Watch Holder processed in the context of the provision of the Services.
- “National Data Protection Legislation” means the national provisions adopted pursuant to the Directive 95/46/EC, to implement the Directive 95/46/EC in the country in which the End User is located, or any other data protection law, as applicable.
2.2 The terms “personal data”, “processing”, “data subject” “controller” and “processor” have the meanings ascribed to them in the Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (the “Directive 95/46/EC”).
2.3 Any other terms used in these Terms that are not specifically defined will have the meaning in Directive 95/46/EC.
2.4 In these Terms, (i) the singular shall include the plural and vice versa; and (ii) a reference to any gender or the neutral form shall include reference to the other genders or the neutral form, as applicable.
3 Categories of personal data and data subjects
3.1 Personal data transmitted or displayed by End User or Watch Holders via the Services may include 60 and any other electronic data uploaded to or created by the Services.
3.2 Personal data transferred or displayed via the Services may concern the End User and the Watch Holders. Data subjects may also include individuals whose data the End User or Watch Holders upload to or process via the Services
- Data Controller and Data Processor
4.1 The End User acknowledges that it has chosen to have End User Personal Data and Watch Holder Personal Data processed by HereO as part of the Services within the scope of the Services’ capabilities, which are reflected in these Terms and the Cloud Computing Agreement.
4.2 For the purposes of this Agreement and National Data Protection Legislation (to the extent applicable), in respect of End User Personal Data and Watch Holder Personal Data the parties acknowledge and agree that:
- End User is responsible as sole Data Controller for complying with all applicable National Data Protection Legislation or other laws regulating the processing of any End User Personal Data and Watch Holder Personal Data in the context of the provision of the Services and with its obligations as a Data Controller;
- HereO is a processor acting on End User’s behalf and shall comply with its obligations as a processor under the Agreement and National Data Protection Legislation (to the extent applicable); HereO only processes such End User Personal Data and Watch Holder Personal Data in a manner which is reasonably necessary to provide the Services and only for that purpose;
- As data processor, HereO only acts upon End User’s instructions, which are integrated in these Terms. These Terms, along with End User’s use and configuration of features in the Services, are End User’s complete and final instructions to HereO for the processing of End User Personal Data and Watch Holder Personal Data; any additional or alternate instructions must be agreed to according to the process for amending the Terms;
- End User irrevocably consents to HereO subcontracting the processing of End User Data and Watch Holder Data to Sub-processors, according to the Clause 8 (data transfers) of these Terms,
- Nothing in this Terms and in the Agreement provides for the collection or transfer between the End User and HereO of any Watch Holder Personal Data without the express consent of the Watch Holder, where such consent is required by law. The End User will use reasonable efforts to ensure that the Watch Holder gives consent to the use of Watch Holder Personal Data in the context of the provision of the Services, according to the National Data Protection Legislation or any other applicable law.
- Purposes of Data Processing
5.1 During the term of these Terms and thereafter, HereO will only process End User Personal Data and Watch Holder Personal Data for the scope and purpose of and in accordance with Agreement and will not process End User Personal Data and Watch Holder Personal Data for any other purpose.
5.2 End User agrees that the provision of the Services, in accordance with the Cloud Computing Agreement, is consistent with its processing instructions with respect to the personal data.
- Data Access
6.1 For the term of the Cloud Computing Agreement Agreement HereO will, at its election and in a manner consistent with the functionality of the Services, either:
- Provide End User with the ability to export, correct, delete, or block End User Personal Data and Watch Holder Personal Data; or
- Make such exportation, corrections, deletions, or blockages on End User’s behalf.
6.2 Once End User deletes End User Personal Data or Watch Holder Personal Data via the Services such that this data is not recoverable by End User, HereO will delete (or render permanently inaccessible) this data within a maximum period 60 days
- Limitation of Liability
7.1 End User acknowledges and agrees that end User is solely responsible for any personal information that may be contained in the Content, including any information which end User shares with third parties, and that End User is and remains in compliance with National Data Protection Legislation and any applicable data privacy and protection laws.
7.2 End User acknowledges that hereO does not control the transfer of data over telecommunications facilities, including Internet.
7.3 End User is responsible for the use of the Services by the Watch Holder, any person to whom End User has given access to the Services, and any person who gains access to End User Personal Data or Watch Holder Personal Data or the Services as a result of End User failure to use reasonable security precautions, even if such use was not authorized by the End User.
- Data Transfers and Sub-processors Transfer
8.1 HereO may hire Third Party Suppliers to provide certain limited or ancillary services on its behalf (Sub-processors).
8.2 Additional information about Third Party Suppliers is available at: https://herofamily/third-party-suppliers, as such URL may be updated by HereO from time to time. The information available at this URL is accurate as at the time of publication.
8.3 End User agrees that HereO may transfer End User Data and Watch Holder Data, including End User Personal Data and Watch Holder Personal Data, to Third Party Suppliers as described in these Terms and in the Cloud Computing Agreement and across a country border, including outside EEA or to a country that has not been declared by the European Commission to provide an adequate level of data protection.
8.4 Except as set forth in these Terms, or as End User may otherwise authorize, HereO will not transfer to any third party (not even for storage purposes) End User Data and Watch Holder Data provided to HereO through the use of the Services.
8.5 HereO will ensure that Third Party Suppliers only access and use End User Data and Watch Holder Data in accordance with these Terms.
8.6 End User consents to the Services being provided in the aforementioned countries and by Third Party Suppliers, and is solely responsible under the terms of the Agreement, complies with the applicable data protection laws.
9.1 HereO will apply the security measures as set forth in the Security Attach, which the End User agree meet End User’s processing needs and security requirements. End User is responsible for determining that these measures provide an appropriate level of protection according to the National Data Protection Legislation or any other applicable law.
9.2 HereO will not be responsible to you for unauthorized access to End User Personal Data and Watch Holder Personal Data or the unauthorized use of the Services unless the unauthorized access or use results from HereO’s failure to meet its security obligations stated in the Security Attach.
9.3 HereO will maintain an incident response program appropriate to respond to Data Incidents. If HereO has reason to believe that a Data Incident has occurred, HereO will:
- promptly investigate and take steps to remediate it, and
- notify End User of the Data Incident, according to law applicable and as soon as reasonably possible, once HereO has established the nature of the Data Incident and taken measures to secure End User Personal Data and Watch Holder Personal Data against any imminent harm (consistent with the requirements of law enforcement authorities). End User is solely responsible for fulfilling any third party notification obligations.
- Third Party Requests
10.1 The End User is primarily responsible for responding to Third Party Requests.
10.2 The End User will first seek to obtain the information required to respond to Third Party Requests on its own, and will contact HereO only if it cannot reasonably obtain such information.
10.3 HereO will, at End User’s reasonable expense, and only to the extent allowed by law and by the terms of the Third Party Request:
- Promptly notify End User of its receipt of a Third Party Request;
- Comply with End User’s reasonable requests regarding its efforts to oppose a Third Party Request; and
- If the information is solely held by HereO and reasonably accessible by HereO, provide End User with the information or tools required for End User to respond to the Third Party Request.
10.4 Notwithstanding the foregoing, subsections (a), (b) and (c) above will not apply if HereO determines that complying with those subsections could result in a violation of law.
- Duration of Data Processing and End User Data Deletion or Return
11.1 The duration of data processing shall be for the term of the Service.
11.2 No more than 60 days after expiration or termination of the Agreement, HereO will disable the account and delete End User Data and Watch Holder Data.
11.3 User may require cancellation of any of its End User Data before the 60 days period by sending an email request at contact@hereO.com.uk, request will be processed within 3 business days.
11.4 Users may request cancellation of its account in any moment sending an email to contact@hereO.com.uk