Legal

Privacy Policy

We, Cubyts Research Labs Inc. (“Cubyts”, “We”, “Company”) are the owners of the website www.cubyts.com (“Website”), id.cubyts.com (the “Identity provider”) and a design ops platform app.cubyts.com (“the App”). The Website, the Identity provider and the App are collectively referred to as the platform (the “Platform”). The users can through the Platform integrate design strategy, processes, and workflows into the software product life cycle (“Services”).

We respect data privacy rights and are committed to protecting personal information collected on this Platform. This privacy policy (“Privacy Policy”) sets forth how we collect, use and protect the personal information collected on this Platform.

PLEASE READ THIS PRIVACY POLICY CAREFULLY. BY CONTINUING TO USE THE PLATFORM, PROVIDING US PERSONAL INFORMATION, YOU CONSENT TO OUR USE OF YOUR PERSONAL INFORMATION IN ACCORDANCE WITH THE TERMS OF THIS PRIVACY POLICY. IF YOU DO NOT AGREE TO THIS PRIVACY POLICY, YOU MAY WITHDRAW YOUR CONSENT OR ALTERNATIVELY CHOOSE NOT TO PROVIDE YOUR PERSONAL INFORMATION ON THE PLATFORM. SUCH AN INTIMATION TO WITHDRAW YOUR CONSENT CAN BE PROVIDED BY EMAIL TO COMMUNICATION DETAILS MENTIONED BELOW.

IF YOU ARE ACCESSING THE PLATFORM ON BEHALF OF A THIRD PARTY, YOU REPRESENT THAT YOU HAVE THE AUTHORITY TO BIND SUCH THIRD-PARTY TO THE TERMS AND CONDITIONS OF THIS PRIVACY POLICY AND, IN SUCH AN EVENT YOUR USE OF THE PLATFORM SHALL REFER TO USE BY SUCH THIRD PARTY. IF YOU DO NOT HAVE SUCH AN AUTHORITY (TO PROVIDE ANY PERSONAL INFORMATION OF A THIRD PARTY) OR DO NOT AGREE TO THE TERMS OF THIS PRIVACY POLICY, THEN YOU SHOULD REFRAIN FROM USING THE PLATFORM.

This Privacy Policy is an electronic record in the form of an electronic contract being compliant and construed in accordance with data protection laws of the jurisdictions such as The Indian Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 under The Information Technology Act 2000 (“Privacy Rules”) that require publishing of privacy policy for the collection, use, storage and transfer of sensitive personal data, the UK Data Protection Law, the applicable personal data protection laws and regulations of The United States of America (“US”), and The European Union (“EU”) general data protection laws (“the GDPR”).

Definitions
  • “User(s)”, “you”, “your” shall mean and include business organizations, commercial establishments, and their permitted users that avail the Services through the App.  
  • “UK Data Protection Law” means the UK GDPR, the United Kingdom Data Protection Act 2018, the Privacy and Electronic Communications Regulations, and any regulation superseding any of the foregoing.
  •  “Visitor” shall mean individuals who visit the Website or may opt to share Personal Information to reach out to us.  
Personal Information Collected

This Privacy Policy applies to Personal Information collected by the Company, through the Platform about the Users, for providing the Services. For the provision of the Services, the User is required to complete the registration/subscription formalities. After completion of such formalities, the Company shall create an account for the User (“User Account”). For availing the Services and for connecting with us through our Platform, the User shall be required to share/upload certain Personal Information. For purposes of this Privacy Policy, “Personal Information” means information that can be used to personally identify the User, including but not limited to User’s name, photograph, company name, role, e-mail address.

We may also automatically collect certain information through cookies to improve our Platform, such as the pattern of your use of the Platform, visits, material that you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information, IP address and date and time when you access or use the Platform. Cookies are small, encrypted files that the Platform transfers to the device through which you access our Platform. For more information, please refer to our cookie policy (https://cubyts.com/legal/#cookie-policy).

Accuracy of information

User undertakes that he shall be solely responsible for the accuracy, correctness, or truthfulness of the Personal Information shared with us whether of its own or any third party. In the event the User is sharing any Personal Information on behalf of a third person, the User represents and warrants that he has the necessary authority to share such Personal Information with the Company, obtained a written consent from such third party and the Company shall not be responsible for verifying the same. The User understands and acknowledges that such Personal Information shall be subject to the terms and conditions of this Privacy Policy. 

Use of Personal Information

We use the Personal Information for the following purposes:

  1. to inform you about our Services and to respond to your requests;
  2. for creation or development of business intelligence or data analytics in relation to the Services provided by us (for this purpose we may share the Personal Information with certain software or tools available online);
  3. to provide you with a better experience when you access our Platform and to improve the Services;
  4. to maintain and manage our Platform;
  5. to manage our relationship with you;
  6. for internal record keeping; and to comply with our legal or statutory obligations.
Disclosures

We do not sell, rent, share, distribute, lease or otherwise provide your Personal Information to third parties, without your prior consent. Keeping this in mind, we may disclose your Personal Information in the following cases:

  1. Affiliates: We may provide your Personal Information to our affiliates to enable them to improve the Offerings, provide feedback and respond to their queries.
  2. Service Providers: We may share your Personal Information with the service providers who work with us in connection with operating the Platform and/ or providing the Offerings. All such service providers are subject to stringent confidentiality restrictions consistent with this Privacy Policy.
  3. Merger or Acquisition: We may transfer your Personal Information if we are acquired by another entity, or if we merge with another company or transfer a part of our business, including the Platform, to a third party. Any such third party or resultant entity that receives your Personal Information shall have the right to continue to use your Personal Information in line with the purposes set out herein. In the event of such a sale or transfer, we may notify you.
  4. Legal and Regulatory Authorities: We may disclose your Personal Information in order to comply with our legal obligations/ court orders/ requests by Govt. authorities.
Third Party Tools

Company or third parties may make available on the Platform third-party tools along with the Services (“Third Party Tools”). Services may contain features designed to interoperate with Third Party Tools. To use such features, User may be required to obtain access to such Third Party Tools from their Third Party Service Providers. You are allowed to copy third party URLs (Uniform Resource Locators) provided by platforms like Google, Microsoft, Dropbox, Figma and others; you can collaborate with other Cubyts users using the collaboration functionalities offered by the Platform.

We use the URL for the following purposes:

(i) You are provided with an explicit option to copy openly accessible and protected (authorization enabled) URLs from third party websites and save them in the Platform.

(ii) If the URL is protected (i.e. needs your authorization) then we seek your explicit authorization before we save the URL in the Platform, the scope of authorization is provided to you when you authorize the Platform.

Note: In the case of protected URLs, you have the right to deny authorization.

(iii) The Platform saves only the URL and not the content/outcome/desired result appearing from the use of the URL. The content resulting from the use of the URL resides with the provider and only the URL is saved in the Platform.

(iv) The Platform renders the content in the URL as an IFRAME, a standard technology (or HTML element) that allows embedding another document within the current HTML document delivered by the Platform.

(v) You may delete this URL stored by the Platform to remove any references.

(vi) You may also delete the authorization provided by you by directly going to the provider’s administration page/account management page (e.g. you may go to Google’s account management page to remove access to the Platform).

(vii) The Platform does not share the URL unless approved by you with any other user of the Platform.

(viii) The Platform adheres to the terms and conditions & user data policies enforced by the provider. In a case where the Platform uses provider’s APIs then the Platform adheres to the Provider’s APIs terms of service.

(ix) You may reach out to support@cubyts.com if you have any questions about this section.

Data Retention

We will retain User’s Personal Information as long as it is required to be retained for the purpose of provision of the Services. We may also retain and use User’s Personal Information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

Security

Your Personal Information is stored on public cloud infrastructure hosted on AWS (Amazon Web Services). We have implemented algorithms to encrypt Personal Information. Although we provide appropriate firewalls and protections, we cannot warrant the security of Personal Information transmitted, as these systems are not hack proof. Data pilferage due to unauthorized hacking, virus attacks, or technical issues is possible, and we will take necessary measures to mitigate such events.

Your Rights

Visitors of the Website that have shared Personal Information with us through the Website have the right to access Personal Information in our possession, right to have us rectify or modify any such Personal Information, right to have us erase/delete your Personal Information, right to restrict us from processing such Personal Information, right to object to our use of Personal Information, and right to withdraw consent at any time where we are relying on consent to process Personal Information. Depending on the nature of the request, we may ask the Visitor of the Website to complete a Personal Information request form or seek certain details to verify the request. In certain cases, we may charge a fee for this service, and we will inform you at the time. All requests for Personal Information will be handled within a reasonable period of time. If such Visitor would like to exercise ANY of these rights, please contact support@cubyts.com. For any further issues related to the App, Users may reach out to their admin; if the issue is not resolved through the admin, they may reach out to us at the above-mentioned email address.

Choice and Opt-Out

We may send you communications including but not limited to (a) notices about your use of our Platform and Services, including those concerning violations of use, (b) updates, (c) promotional information regarding our Services, and (d) newsletters. You may opt out of receiving promotional emails and newsletters from us by following the unsubscribe instructions provided in those emails. Alternatively, you can opt out, at any time, by emailing support@cubyts.com with your specific request.

Information for EU and UK Visitors      

Residents of the European Union (“EU”) and United Kingdom (“UK”) should note that this Privacy Policy has been updated in accordance with the requirements of the EU General Data Protection Regulation (the “GDPR”) and the UK GDPR, the United Kingdom Data Protection Act 2018, the Privacy and Electronic Communications Regulations, and any regulation superseding any of the foregoing (“UK Privacy Laws”). As per the provisions of the GDPR and UK Privacy Laws we shall be considered the Controllers of the Personal information collected as a result of your use / access of the Website and Processors of the Personal information collected as a result of your use / access of the Platform.

Legal Basis (for EU residents and UK residents): We will not process your Personal Information without a lawful basis to do so. We will process your Personal Information only on the legal bases of consent, contract, or on the basis of our legitimate interests, provided that such interests are not overridden by your privacy rights and interests.

Transfer of your personal information across borders (for EU Residents): The Personal Information we collect (of EU and UK residents) is stored on servers located in the EU region. Personal Information might be processed outside the EU and UK. We collect and transfer Personal Information outside the EU and UK in accordance with the provisions of the GDPR and UK Privacy Laws. If you have questions, please contact legalqueries@cubyts.com

Your Rights (For EU and UK Residents):
  • You have the right to request us to let you know what Personal Information belonging to you we hold in our possession,
  • withdraw consent at any time where we are relying on consent to process your Personal Information, 
  • right to have us rectify or modify any such Personal Information, 
  • right to have us erase/delete your Personal Information, 
  • right to restrict us from processing such Personal Information, 
  • right to object to our use of your Personal Information, 
  • you have the right to lodge a complaint with a data protection authority. 

UK residents have the right to make a complaint at any time to the Information Commissioner’s Office (“ICO”), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance. We may need to request specific information from you to help us confirm your identity or also contact you for further information in relation to your request. If you would like to exercise ANY of these rights, please contact legalqueries@cubyts.com

Governing Laws: For any EU and UK residents, this Privacy Policy shall be governed respectively by the provisions of the GDPR and UK Privacy Laws.

California resident rights
If you are a California resident, you have the rights as mentioned below;
  • Access- You have the right to request certain information about our collection and use of your Personal Data over the past 12 months. If we have disclosed your Personal Information for a business purpose over the past 12 months, we will identify the categories of Personal Data shared with each category of third-party recipient. If we have sold your Personal Information over the past 12 months, we will identify the categories of Personal Information purchased by each category of third-party recipient.
  • Deletion- You have the right to request that we delete the Personal Information that we have collected from you. 

Exercising Your Rights – To exercise the rights described above, you must send us a request that (1) provides sufficient information to allow us to verify that you are the person about whom we have collected Personal Information and (2) describes your request in sufficient detail to allow us to understand, evaluate, and respond to it. Each request that meets both of these criteria will be considered a “Valid Request.” We may not respond to requests that do not meet these criteria. We will only use Personal Information provided in a Valid Request to verify you and complete your request. You do not need an account to submit a Valid Request. We will respond to your Valid Request within 45 days of receipt. We will not charge you with any fees for making a Valid Request unless your Valid Request(s) is excessive, repetitive, or manifestly unfounded. If we determine that your Valid Request warrants any fees, we will notify you of the fees and explain that decision before completing your request. You may submit your Valid Request at [insert email address]

No Discrimination

We will not discriminate against you for exercising your rights under the CCPA. We will not deny you our Offerings, charge you different prices or rates, or provide you a lower quality of our Offerings if you exercise your rights under the CCPA. 

Links to other Websites

Our Platform may contain links to other Platforms/applications of your interest. Please note that we do not have any control over such other Platforms/applications, and you will be accessing these Platforms/applications at your own risk. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such Platforms/applications and those are not governed by this Privacy Policy. You should exercise caution and look at the privacy policy applicable to such Platforms/applications.      

Limitation of liability

To the extent permissible under the law, we shall not be liable for any direct, indirect, incidental, special, consequential, or exemplary damages, including but not limited to, damages for loss of profits, goodwill, data, information, or other intangible losses (even if we have been advised of the possibility of such damages), arising out of this Privacy Policy.

Governing laws

This Privacy Policy shall in all respects be governed by and construed and enforced in accordance with the laws of the State of Delaware, USA and the courts of Delaware shall have exclusive jurisdiction to adjudicate any subject matter under this Privacy Policy.

Changes to this Privacy Policy

Please revisit this page periodically to stay aware of any changes to this Privacy Policy, which we may update from time to time. If we modify this Privacy Policy, we will make it available through the Website and indicate the date of the latest revision. If such modifications materially alter your rights or obligations hereunder, we will make reasonable efforts to notify you of the change via email or through our Website.

This Privacy Policy was last modified on 18th January 2022.

Contact us

If you have any questions or concerns or grievances regarding this Privacy Policy, or wish to withdraw your consent in relation to the processing of your Personal Information you can reach out to our appointed grievance redressal officer Raghu Sarangarajan via email at raghu@cubyts.com.

End User License Agreement

BY CLICKING ON THE “I AGREE” (OR SIMILAR BUTTON) OR BY ACCESSING THE SOFTWARE (DEFINED BELOW) AND AVAILING THE SUBSCRIPTION (DEFINED BELOW), THROUGH THE SUBSCRIBER’S SUBSCRIPTION TO THE SOFTWARE YOU INDICATE YOUR ASSENT TO THE FOLLOWING TERMS OF THIS END USER LICENSE AGREEMENT (THIS “AGREEMENT”). ACCORDINGLY, THIS EULA IS A LEGAL AGREEMENT BETWEEN YOU (DEFINED BELOW) AND CUBYTS RESEARCH LABS INC., A DELAWARE CORPORATION, WITH ITS REGISTERED OFFICE LOCATED AT 16192 COASTAL HIGHWAY, LEWES, COUNTY OF SUSSEX DELAWARE, USA, (HEREINAFTER REFERRED TO AS THE “CUBYTS”, “LICENSOR”, “COMPANY”, “WE”, “US” AND “OUR”). ACCESS TO THE SUBSCRIPTION AND YOUR OBLIGATIONS AND LIABILITIES IN THIS REGARD, ARE GOVERNED BY THE TERMS OF THIS AGREEMENT.

Definitions
  • “Content” means all data and materials provided and uploaded by Subscriber and its Permitted Users to the Software for use in connection with the Subscription, from time to time.
  • “Documentation” shall mean the knowledgebase on Freshdesk, in relation to the Software to enable the Permitted Users to use and understand the operations of the Software including technical documentation, if any.
  • “Enhancement(s)” shall mean any modification, update or addition to the Software that, when made or added to the solution or modules currently being used by Subscriber, provides minor functionality enhancements but does not change overall utility, functional capability, or application, where such modifications or additions are generally made available by Company to all its customers under Services (as defined below) without any additional costs. Enhancements are generally denoted by minor version level (e.g., v1.1.0 to v1.1.1) changes, as determined by Company.
  • “Main Agreement” will mean Software as a Service Agreement entered into between the Subscriber and Company with respect to the Subscription and as amended from time to time.
  • “Permitted User(s)” or “your” or “you” shall mean an employee, client or contractor of the Subscriber or any other entity connected with the Subscriber who may access the Software and use the Subscription pursuant to Subscriber’s Subscription to the Software.
  • “Software” shall collectively mean: (i) Cubyts’ proprietary design ops software hosted at app.cubyts.com, for integrating design strategy, processes, and workflows into the software product life cycle and offering similar functionalities; (ii) Cubyts’ website hosted at www.cubyts.com; and (iii) Cubyts’ identity provider software, hosted at id.cubyts.com, all of which are offered as an internet accessible Service hosted by Cubyts on cloud, on a Software as a Service basis, along with the tool(s), app(s), solution(s)/ accelerator(s) component(s), add-on(s), file(s), module(s), external(s), content(s), source code, object code, any future Enhancement(s), and any customization(s) or modification(s) thereto or thereof which are integrated with the Software, as described in the Documentation, and provided by Cubyts to the Subscriber on “as is” basis.
  • “Service(s)” shall mean the internet accessible service hosted by Cubyts on cloud to offer the Software to the Subscriber.
  • “Subscription” shall mean the limited, revocable, non-exclusive, non-transferable and non-sublicensable license granted to the Subscriber to use and access the Services through the Software in accordance with the terms of the Main Agreement.
  • “Subscriber” shall mean the entity which has availed a Subscription to the Software and agreed to the terms of the Main Agreement.
  • “Subscription Term” will mean the term as agreed in the Main Agreement during which the Subscriber has availed the Subscription to the Software.
Subscription

Subject to the terms and conditions herein, the Company grants to the Permitted User during the Subscription Term, the right to use and access the Subscription through Subscriber’s Subscription under the Main Agreement, for Subscriber’s internal business use (the “Purpose”). Nothing herein contained shall be construed as granting to the Permitted User any intellectual property right, in the Software or to the Subscription, except as expressly provided for hereunder.

Account Management

 As a condition for using the Subscription, the Permitted Users shall be required to register with the Company and select a password and enter his/her email address. In this regard, the Permitted Users shall provide accurate, complete, and updated registration information. The Permitted User understands that failure to do so shall constitute a breach of this Agreement, which may result in immediate termination of Permitted User’s account. It is the primary responsibility of the Permitted Users to use the Software as directed, however, this shall in no manner undermine any authority or rights of the Company. The Permitted User shall be responsible for maintaining the confidentiality of its account. The Company shall not be liable for any loss of data or functionality caused directly or indirectly by the Permitted Users.

Restrictions

The Permitted User shall not, directly or indirectly, i) copy, modify, adapt, translate, reverse engineer, decompile, disassemble, alter, reproduce or otherwise make any changes to the Software, or ii) use the Software in any manner to provide time-sharing, benchmarking or other computer services to third parties, except as expressly provided herein, or allow any third party to access or benefit from the functionality of the Software, or iii) use the Software for any purpose other than the purpose specified under this Agreement, or iv) allow use of the Software by anyone other than the Permitted Users, or v) reverse-engineer, modify, amend, reproduce, republish, translate into any language or computer language, re-transmit in any form or by any means, resell or re-distribute the Software without the prior written consent of Company, or vi) upload, transmit or otherwise make available in connection with the Software any unsolicited or unauthorized advertising or promotional materials, which by way of illustration but not limitation includes “junk mail,” “spam”, “chain letters” and “pyramid schemes”, or vii) upload, transmit or otherwise make available in connection with the Software any content that is unlawful, harmful, threatening, abusive, harassing, tortious, defamatory, vulgar, obscene, libelous, invasive of another’s privacy, hateful, or racially, ethnically or otherwise objectionable, or viii) upload, transmit or otherwise make available in connection with the Software any content that the Permitted User does not have a right to make available under all applicable laws, or contractual or fiduciary relationships (which, by way of illustration but not limitation, includes inside information, proprietary and confidential information learned or disclosed as part of employment relationships or under non-disclosure agreements), or ix) upload, transmit or otherwise make available in connection with the Software any material that contains software viruses or any other computer code, files or programs designed to interrupt, destroy or limit the functionality of any computer software or hardware or telecommunications equipment, which by way of illustration but not limitation includes viruses, time bombs, trojan horses and other malware; or x) violate (intentionally or unintentionally) any applicable local, state, national or international laws or regulations in connection with the Software, including but not limited to those related to intellectual property rights, privacy or security. The Permitted User shall have no rights to the Software other than as specifically granted herein.

Intellectual Property Rights
  • Any and all ownership rights to the Software, Enhancements and Documentation and branding thereof, including intellectual property rights therein is the sole and exclusive property of the Company. This Agreement does not grant the Permitted User, any rights, title and interest in and to Software, Enhancements, Documentation, its contents, and branding thereof, except where expressly and unequivocally licensed herein. 
  • The Permitted User agrees that it shall not directly or through the Subscriber, assert, or authorize or assist, or encourage any third party to assert, against Company any infringement or misappropriation of intellectual property rights related claim regarding the Software, Enhancements and Documentation.
Permitted User Content

The Permitted User shall ensure that the Content does not: (i) include anything that actually or potentially infringes or misappropriates the copyright, trade secret, trademark or other intellectual property right of any third party, or (ii) contain anything that is obscene, defamatory, harassing, offensive or malicious or (iii) introduce any software viruses or other harmful or deleterious computer code, files, or programs, such as trojan horses, worms, time bombs, or cancelbots. The Permitted User acknowledges and agrees that the Company uses certain third-party tools for analytical purposes and may use Content and track Permitted User’s usage of the Software for any purpose including but not limited to research, analytics, and to improve the services.  Company takes no responsibility and assumes no liability for any Content that you post or upload on the Software. You understand and agree that any loss or damage of any kind that occurs to the Content that you send, upload, download, post, transmit, display, or otherwise make available or access through use of the Software, is solely your responsibility.

Privacy & Security

The Company states that it endeavours to protect the privacy of the Permitted User and the integrity and security of the Permitted User’s personal information. The personal information collected by the Company is subject to and governed by our Privacy Policy located at (https://cubyts.com/legal/#privacy-policy). Permitted User understands and agrees that by using the Subscription, Permitted User has consented to the collection, use and disclosure of Permitted User’s personally identifiable information and aggregate data as set forth in our Privacy Policy, and to have Permitted User’s personally identifiable information collected, used, transferred to and processed. 

Confidentiality
  • “Confidential Information” will mean information disclosed by one Party to the other and which includes, without limitation, the financial, business, technical and marketing information, business plans, methods, processes, inventions, techniques, designs, data, know-how, ideas, concepts, strategies, trade secrets, Software product and services and any such other information. The Company’s Confidential Information will include the information about the Software, Enhancements and Documentation. Confidential Information does not include information which: (a) is in the public domain; (b) was known to the Party of such disclosure or becomes known to the Party without breach of any confidentiality agreement; (c) is independently developed by either Party without violating any confidentiality obligations stated herein; (d) is disclosed pursuant to judicial order or requirement of the governmental agency or by operation of law.
  • The receiving Party will keep Confidential Information and proprietary information and data received from the disclosing Party in strict confidence and will not disclose it to any third parties except to a limited group of receiving Party’s directors, officers, agents, authorized representatives on a need-to-know basis. Each Party will use the same degree of care and discretion (but in any event no less than a reasonable degree of care and discretion) to avoid unauthorized disclosure or use of the other Party’s Confidential Information as that receiving Party uses to protect its own information of a similar nature from unauthorized disclosure or use.
  • Upon request by the disclosing Party, the receiving Party will immediately return to the disclosing Party, all Confidential Information disclosed by the disclosing Party and all copies thereof. All such information will be and will remain the sole property of the disclosing Party.
  • The receiving Party agrees that any violation of the confidentiality obligations will cause irreparable injury to the disclosing Party, entitling the disclosing Party to obtain injunctive relief in addition to all legal remedies.
  • The confidentiality obligations stated herein will survive for a period of five (5) years from the date of termination or expiration of this Agreement.
  • Further, Permitted User agrees that under no circumstances the Company or its affiliates or subsidiaries will be held responsible or liable for any loss, damage or harm caused due to Permitted User’s data or information obtained from the Software.
Third Party Software

Third-party Software (if any) used through the Subscription will be subject to separate terms and conditions provided by such third-party Software. The license restrictions contained in this Agreement do not apply to third-party Software to the extent they are inconsistent with such third-party Software terms. The Company will not be responsible for any third-party Software. 

Term and Termination
  • This Agreement will commence upon your acceptance of the terms of this Agreement through or your access to the Software and the Subscription whichever occurs earlier, and unless earlier terminated as provided in this section (Term and Termination), will continue until the earlier occurrence of any of the following events: 
  • the end of the applicable Subscription Term; 
  • termination of Permitted User’s account by the Company; or
  • this Agreement will immediately terminate upon your breach of the terms of this Agreement. 
  • Upon the termination of this Agreement, your access to the Software and the Subscription will immediately cease to exist. 
  • The Sections in this Agreement, which, by their very nature are intended to survive the termination of this Agreement, will survive the termination of this Agreement.
Indemnity

Permitted User agrees to defend, indemnify and hold harmless the Company and its subsidiaries, agents, managers, affiliated companies, and their respective employees, contractors, agents, officers and directors, from and against any and all claims, damages, obligations, losses, liabilities, and expenses (including but not limited to attorney’s fees) arising from: (a) breach of or violation of applicable laws and regulations, (b) use of the Software other than as permitted under this Agreement; (c) Permitted User’s use of and access to the Software or the Subscription, including any data or work transmitted or received by Permitted User; (d) Permitted User’s violation or breach of any term and conditions of this Agreement including but not limited to confidentiality obligations; (e) violation, infringement, breach or misappropriation of third-party right, including without limitation any right to privacy, publicity rights or intellectual property rights; (f) any claims or damages that arise as a result of any of the Permitted User Content submitted by Permitted User or any content that is submitted via Permitted User’s account; or (g) any other party’s access and use of the Software or Subscription with Permitted User’s unique username, password or other appropriate security code.

Warranty Disclaimer

EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, THE SOFTWARE AND SUBSCRIPTION IS PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS.  THE COMPANY HEREBY DISCLAIMS ALL OTHER IMPLIED OR STATUTORY WARRANTIES, INCLUDING, WITHOUT LIMITATION, ANY IMPLIED WARRANTY OF MERCHANTABILITY, TITLE, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT LOSS OF DATA OR ARISING OTHERWISE IN LAW OR EQUITY OR FROM A COURSE OF DEALING OR USAGE OF TRADE, ALL OF WHICH ARE EXPRESSLY DISCLAIMED AND EXCLUDED. THE COMPANY FURTHER DISCLAIMS WARRANTIES THAT THE SOFTWARE OR SUBSCRIPTION WILL BE FIT FOR THE PURPOSE OR WILL MEET THE PERMITTED USER’S REQUIREMENTS, THAT THE OPERATION OF THE SOFTWARE WILL BE UNINTERRUPTED OR ERROR-FREE OR THAT ANY BUGS OR ERRORS OR DEFECTS WOULD BE FIXED OR THE SOFTWARE OR SUBSCRIPTION WILL OPERATE IN COMBINATION WITH  CONTENT OR SOFTWARE, OR WITH ANY OTHER HARDWARE, SOFTWARE, SYSTEMS OR DATA NOT PROVIDED BY THE COMPANY. ALL SPECIFICATIONS, DOCUMENTATION, INFORMATION, AND OTHER MATERIALS PROVIDED BY THE COMPANY ARE PROVIDED “AS IS” WITHOUT ANY WARRANTY OF ANY KIND, INCLUDING ANY STATUTORY WARRANTIES THAT MAY APPLY TO SUCH SPECIFICATIONS, DOCUMENTATION, INFORMATION OR MATERIALS. THE PERMITTED USER ACKNOWLEDGES THAT THE COMPANY DOES NOT CONTROL THE TRANSFER OF DATA OVER COMMUNICATIONS FACILITIES, INCLUDING, THE INTERNET, AND THAT THE SOFTWARE AND SUBSCRIPTION MAY BE SUBJECT TO LIMITATIONS, DELAYS, AND OTHER PROBLEMS INHERENT IN THE USE OF SUCH COMMUNICATIONS FACILITIES. THE COMPANY CANNOT AND DOES NOT WARRANT FOR OR PROMISE ANY SPECIFIC RESULTS FROM USE OF SUBSCRIPTION AND ITS RESULTS. 

Limitation of Liability

THE COMPANY WILL NOT BE LIABLE (A) FOR LOSS OR INACCURACY OF DATA (INCLUDING ANY RESULTS DERIVED) OR, COST OF PROCUREMENT OF SUBSTITUTE SERVICES OR TECHNOLOGY, (B) FOR ANY DIRECT OR INDIRECT, INCIDENTAL OR CONSEQUENTIAL DAMAGES INCLUDING, BUT NOT LIMITED TO LOSS OF REVENUES AND LOSS OF PROFITS, LOSS OF CONFIDENTIAL OR OTHER INFORMATION, BUSINESS INTERRUPTION ARISING OUT OF OR IN ANY WAY RELATED TO YOUR USE OF OR INABILITY TO USE THE SOFTWARE OR SUBSCRIPTION. IN THE EVENT THE PERMITTED USER IS NOT SATISFIED WITH ANY TERMS OF THIS AGREEMENT OR THE SOFTWARE, THE SOLE REMEDY AVAILABLE TO THE PERMITTED USER WILL BE TO CEASE ACCESSING THE SUBSCRIPTION AND USING THE SOFTWARE.

Notices

All notices, demands, or consents required or permitted under this Agreement will be in writing. Notice will be considered effective on the earlier of actual receipt or: (i) the day following transmission if sent by facsimile or email with pdf followed by written confirmation; (ii) one day (two days for international addresses) after posting when sent via an express commercial courier; or (iii) five days after posting when sent via post. Notice will be sent to the address for each party set forth on the first page of this Agreement, or at such other address as will be provided by either party to the other in writing.

General Provisions
  • This Agreement along with other policies referred under this Agreement, constitutes the entire or sole legal agreement between you and Company and will govern the use of the Software and Subscription and will supersede and prevail over any prior agreements, whether oral or written, regarding the subject matter hereof.
  • If any court of law, having the jurisdiction to decide on this matter, rules that any provision contained under this Agreement is invalid, then that provision will be removed from the Agreement without affecting the rest of the Agreement. The remaining provisions of the Agreement will continue to be valid and enforceable.
  • The Company will have a right to assign this Agreement to its affiliates or any third parties at any time without notice to Permitted Users.
  • This Agreement will be governed by and construed under laws of the State of Delaware. Unless waived by Company in a particular instance, the sole and exclusive jurisdiction and venue for actions arising under this Agreement will be courts in the State of Delaware and each Party hereby consents to the exclusive jurisdiction of such courts for any such dispute. In addition, you agree that you will only be permitted to pursue claims against the Company through the Subscriber, in accordance with the terms of the Main Agreement. 
  • Any waivers and modifications must be in writing and signed by both parties. No delay or omission by either party in exercising any right or remedy under this Agreement or existing at law or equity will be considered a waiver of such right or remedy.
  • By registering the details with Company, Permitted User agrees that we may contact you with important information relating to the Software or Subscription.
  • No agency, partnership, joint venture, or employment is created between you and the Company as a result of this Agreement, and Subscriber does not have any authority of any kind to bind Company in any respect whatsoever.
  • This Agreement is an electronic record in terms of the applicable laws. This electronic record is generated by a computer system and does not require any physical or digital signatures. This document is published in accordance with the provisions of applicable laws.
  • You agree to use the Software and Subscription at your own risk. If You have any questions, complaints or claims with respect to the Software or Subscription, You should contact support@cubyts.com
  • Company may update the terms and conditions of this Agreement, at its own discretion. Company hereby encourages Permitted User to check these terms and conditions on a regular basis to be aware of the changes made to it which are also available on https://cubyts.com/legal/#EULA for the most recent version. 

This Agreement was last modified on 18th January 2022.

Software as a Service Agreement

BY CLICKING ON THE “I AGREE”/“SIGN UP” (OR SIMILAR) BUTTON OR ACCESSING AND AVAILING THE SUBSCRIPTION (DEFINED BELOW) OR BY WAY OF USING THE SOFTWARE (DEFINED BELOW), THE SUBSCRIBER INDICATES ITS UNDERSTANDING, ACCEPTANCE AND CONSENT TO THE FOLLOWING TERMS OF USE (THE “AGREEMENT”).

THE AGREEMENT CONSTITUTES THE LEGAL TERMS AND FORMS A CONTRACTUAL ENGAGEMENT BETWEEN CUBYTS RESEARCH LABS INC., A DELAWARE CORPORATION, WITH ITS REGISTERED OFFICE AT 16192 COASTAL HIGHWAY, LEWES, COUNTY OF SUSSEX DELAWARE, USA (“CUBYTS”) AND THE ENTITY USING, OR AVAILING THE SUBSCRIPTION BY SUBSCRIBING TO THE SOFTWARE (THE “SUBSCRIBER”). CUBYTS HAS DEVELOPED A PROPRIETARY DESIGN OPS SOFTWARE HOSTED AT APPS.CUBYTS.COM (THE “APP”) FOR INTEGRATING DESIGN STRATEGY, PROCESSES, AND WORKFLOWS INTO THE SOFTWARE PRODUCT LIFE CYCLE AND OFFERING SIMILAR FUNCTIONALITIES. CUBYTS IS ALSO THE OWNER OF THE WEBSITE HOSTED AT WWW.CUBYTS.COM (THE “WEBSITE”) AND HAS DEVELOPED AN IDENTITY PROVIDER SOFTWARE, HOSTED AT ID.CUBYTS.COM (THE “TOOL”). CUBYTS OFFERS THE APP, THE WEBSITE AND THE TOOL (HEREINAFTER COLLECTIVELY REFERRED TO AS THE “SOFTWARE”) AS AN INTERNET ACCESSIBLE SERVICE HOSTED BY CUBYTS ON CLOUD (THE “SERVICE(S)”), ON A SOFTWARE AS A SERVICE (“SaaS”) BASIS.

DURING THE SUBSCRIPTION TERM, THE SUBSCRIBER DESIRES TO OBTAIN A SUBSCRIPTION TO THE SOFTWARE, FOR THE SUBSCRIBER’S INTERNAL BUSINESS USE AND FOR THE EVALUATION OF THE SOFTWARE AS PER THE PROVISIONS OF THE AGREEMENT (THE “PURPOSE”). THE AGREEMENT PROVIDES AND CAPTURES THE SUBSCRIBER’S TERMS OF USE, RELATING TO THE SUBSCRIPTION (DEFINED BELOW) TO THE SOFTWARE AND THE SUBSCRIBER’S USAGE, AND ACCESS TO THE SUBSCRIPTION THEREOF. BY OBTAINING, ACCESSING OR AVAILING THE SUBSCRIPTION, AND BY USING THE SOFTWARE, THE SUBSCRIBER CONFIRMS AND AGREES TO BE BOUND BY THE AGREEMENT. IF THE SUBSCRIBER DOES NOT AGREE TO BE BOUND BY THE AGREEMENT, CUBYTS REQUIRES THE SUBSCRIBER TO NOT OBTAIN A SUBSCRIPTION TO THE SOFTWARE. ANY PERSON ACCEPTING THE TERMS OF THE AGREEMENT REPRESENTS AND WARRANTS THAT HE OR SHE IS DULY AUTHORIZED BY THE SUBSCRIBER AND HAS LEGAL CAPACITY AS WELL AS THE NECESSARY RIGHTS TO ACCEPT THESE TERMS ON BEHALF OF THE SUBSCRIBER TO ENTER INTO A BINDING AGREEMENT ON BEHALF OF THE SUBSCRIBER WITH RESPECT TO THE MATTERS CONTAINED AND STATED HEREIN.

 

Cubyts and the Subscriber are hereinafter individually referred to as a “Party” and collectively as the “Parties”.

DEFINITIONS

  1. “Affiliate(s)” shall mean any corporation, association, or other entity that directly or indirectly owns, is owned by, or is under common ownership with either Party, respectively, either currently or during the validity of the Agreement. 
  2. “Agreement” shall mean the Agreement, in addition to any amendments to the Agreement.
  3. “Documentation” shall mean the knowledgebase on Freshdesk, provided by Cubyts to the Subscriber along with the Software.
  4. “Enhancement(s)” shall mean any modification, update, upgrade or addition to the Software that, when made or added to the Software, and its modules currently being used by the Subscriber, provides minor functionality change or improvements to the Software but does not change overall utility, functional capability, or application, where such modifications or additions are generally made available by Cubyts to all its customers as a part of their Subscription to the  Software. 
  5. “Error(s)” shall mean any verifiable and reproducible failure or inability of the Software to perform any material functions set forth in the Documentation due to any programming defect in the Software, when used by the Subscriber as specified under the Agreement or the Documentation by Cubyts. The term “Error”, shall however, not include any failure or inability of the Software that (i) results from the misuse or improper use of the Software, (ii) does not materially affect the operation and use of the Software, (iii) results from any modification to the Software that is not a Cubyts authorized change, (iv) results from any cause beyond reasonable control of Cubyts, including third party cloud environment, hardware, software, firmware, malicious code like virus, trojan or malware.
  6. “EULA” shall mean the End User License Agreement of Cubyts, hosted at https://cubyts.com/legal/#EULA, governing the User’s use of the Subscription.
  7. “Fee(s)” shall mean fees paid by the Subscriber to avail the Subscription as stipulated under the invoice issued by Cubyts.
  8. “Fix(es)” shall mean any modification or addition to the Software that, when made or added to the solution or modules currently being used by the Subscriber, corrects Errors but does not change overall utility, functional capability, or application, where such modifications or additions are generally made available by Cubyts to all its customers.
  9. “Subscription” shall mean the fixed-term, non-exclusive, non-transferable, revocable, non-sublicensable  and limited subscription to use or permit the Users to access and avail the Services by using the Software on a SaaS basis. 
  10. “Subscriber Content” shall mean all data created by or in any way originating with the Subscriber, and all data that is the output of computer processing of or other electronic manipulation of any data that was created by or in any way originated with the Subscriber, whether such data or output is stored on the Subscriber’s hardware, Cubyts’ hardware, or exists in any system owned, maintained, or otherwise controlled by the Subscriber or by Cubyts. 
  11. “Subscription Term” shall have the meaning ascribed to it under Clause 13 of the Agreement. 
  12. “User(s)” shall mean any Subscriber employee, contractor, supplier or any other user of the Software and Services  (on a SaaS basis), who will be bound by the terms of the EULA.  

SUBSCRIPTION

 

  1. Grant of Subscription: During the Subscription Term (above), subject to the payment of Fees set out in Annexure A, the restrictions set out in Section 3 and subject to compliance of the Agreement and the EULA by the Users, Cubyts hereby grants the Subscriber a Subscription to the Software as defined in Section 1 (i). 
  2. Delivery: The Software (including any Enhancements) shall be electronically transmitted by Cubyts via the internet and made available to the Subscriber on a SaaS basis.

RESTRICTIONS

  1. The Subscriber, itself shall not and shall ensure that its Users, or its associated third parties do not, directly or indirectly:
    1. copy, modify, adapt, translate, reverse engineer, attempt to recover the source code, underlying structures, algorithms, decompile, disassemble, alter, reproduce or otherwise make any changes to the Software or the Services or create any derivative works thereof,
    2. use the Software or the Services in any manner to provide time-sharing, benchmarking or other computer services to third parties, except as expressly provided herein,
    3. use the Software or the Services, or allow the transfer, transmission, export, or re-export of the Software or Documentation or portion thereof, in violation of any applicable laws or regulations,
    4. allow the Software to be used for applications/instances, in excess of the Subscription granted by Cubyts,
    5. use the Software or the Services to develop any competing or similar product,
    6. use any of the Software’s components, add-ons, files, modules, externals, contents, including associated license material, separately from the Software,
    7. use the Software or the Services with any unsupported software or hardware in any manner not recommended by Cubyts (as described in the applicable Documentation provided by Cubyts).
  2. The Subscriber shall have no rights over the Software or Services, other than as specifically granted herein. All rights not specifically and unequivocally granted to the Subscriber are reserved by Cubyts.

THE SUBSCRIBER’S RESPONSIBILITIES

  1. Workspace Management: As a condition for availing the Subscription, the Subscriber may be required to register with Cubyts. Based on such registration, the Subscriber will be offered a dedicated workspace on the Software (the “Workspace”). The Subscriber may thereafter appoint an owner to manage the Workspace. Subscriber will be responsible for allocating projects to the Users within the Workspace. In this regard, Subscriber shall ensure that the Users provide accurate, complete, and updated registration information. Failure to do so shall constitute a breach of this Agreement, which may result in immediate termination of the User’s project access.
  2. Compliance with Laws and EULA: The Subscriber shall comply with and shall ensure that the Users comply with, all applicable local, state, national and foreign laws, and EULA, in connection with their use and access of the Software or the Services, international communications, and the transmission, storage of technical or personal data. The Subscriber acknowledges that Cubyts exercises no control over the content of the information transmitted by the Subscriber or the Users through the Software or the Services. 
  3. Unauthorized Use; False Information: The Subscriber shall: (i) notify Cubyts immediately of any unauthorized use of any password or user id or any other known or suspected breach of security in relation to the Software or the Services, (ii) report to Cubyts immediately and use reasonable efforts to stop any unauthorized use of the Software and/or the Services, that is known or suspected by the Subscriber or any Users, and (iii) not provide false identity information to gain access to or use the Software and/or the Services.
  4. Access: For Subscription, in addition to providing the log-in credentials of the Users, the Subscriber shall ensure that the Users abide by the terms set forth in the EULA, at all times, while accessing the Software and availing the Services. The Subscriber shall be solely responsible for the acts and omissions of the Users. Cubyts shall not be liable for any loss of data or functionality, caused directly or indirectly by the Users, in breach of the Agreement. 
  5. Subscriber Content. The Subscriber is solely responsible for collecting, entering and updating all the Subscriber Content uploaded on, accessed using, or processed through the Software and/ or the Services, and for ensuring that the Subscriber Content does not (i) include anything that actually or potentially infringes or misappropriates the copyright, trade secret, trademark or other intellectual property right of any third party, or (ii) contain anything that is obscene, defamatory, harassing, offensive or malicious. The Subscriber acknowledges and agrees that Cubyts uses certain third-party tools for analytical purposes and may use the meta information from such Subscriber’s Content to track Subscriber’s usage, on an anonymized basis, for the purpose of research, analytics, and improvement of the Services. 

 

REPRESENTATION AND WARRANTY OF THE SUBSCRIBER

  1. The Subscriber warrants to Cubyts that it has the legal right and authority to enter into and perform its obligations under the Agreement;
  2. The Subscriber hereby acknowledges and agrees that by entering into the Agreement, the Subscriber has had recourse to its own skill and judgment to check the applicability of the Software and to validate if the Services and Software are  suitable for the task for which the Subscriber intends them to be used, and has not relied on any representations made by Cubyts or any of its employees or agents.

 

FEES

  1. The Subscription for the Initial Subscription Term shall begin only upon the payment of the Fees. Except as explicitly provided under the Agreement, all Fees are non-cancellable and  non-refundable. 
  2. All Fees for the Subscription under the Agreement shall be paid by the Subscriber in advance. For the Initial Subscription Term (defined below) or the Renewal Subscription Term, as the case may be, such payment shall be made in advance, simultaneously with the commencement of the Initial Subscription Term or the Renewal Subscription Term, as the case may be. The Subscription shall not commence for the Initial Subscription Term, until the payment of Fees by the Subscriber has been made, in full, in accordance with the terms of this Clause 6. 
  3. For any Renewal Subscription Term (defined below), in the event the payment is not made in the manner set out in the foregoing Clause 6 (b), the Subscription will revert to the free model of Subscription, with limited functions and accesses. 
  4. All Fees and charges under the Agreement shall be exclusive of taxes and shall be borne by the Subscriber. 

 

HYPERLINKS

The Software may, from time to time, contain hyperlinks to other websites, including Cubyts’ external knowledge base. Such links are provided for convenience only and Cubyts takes no responsibility for the content and maintenance of or privacy compliance of any linked website.  Any hyperlink on Cubyts’ Software to another website does not imply its endorsement, support, or sponsorship of the operator of that website nor of the information and/or services which it provides. Cubyts is not a party to any transaction between the Subscriber and such website.

 

PRIVACY & SECURITY

Cubyts cares about the privacy of the Users and the integrity and security of the Users’ personal information. Personal information, if any, collected by Cubyts, in furtherance of the Subscription, is subject to and governed by  the terms of  Cubyts’ Privacy Policy hosted at https://cubyts.com/legal/#privacy-policy. The Subscriber shall ensure that the User understands that by availing Subscription to the Software and Services,  the User shall consent to the collection, use and disclosure of the User’s personal information and aggregate data, as set forth in Cubyts’ Privacy Policy,  and to have such personal information collected, used, transferred and processed. 

 

DISCLAIMER OF WARRANTY

THE SUBSCRIPTION, THE SOFTWARE AND THE SERVICES ARE PROVIDED “AS IS” WITHOUT ANY REPRESENTATIONS, CONDITIONS, WARRANTIES OR COVENANTS WHATSOEVER, INCLUDING WITHOUT LIMITATION, ANY EXPRESS, STATUTORY OR IMPLIED REPRESENTATIONS, WARRANTIES OR CONDITIONS OF MERCHANTABILITY, SATISFACTORY QUALITY OR FITNESS FOR A  PARTICULAR PURPOSE, NON-INFRINGEMENT OF THIRD PARTY INTELLECTUAL PROPERTY OR ARISING OTHERWISE IN LAW OR EQUITY OR COVENANT, BASED ON A COURSE OF DEALING OR USAGE OF TRADE, ALL OF WHICH ARE EXPRESSLY DISCLAIMED AND EXCLUDED. CUBYTS DOES NOT WARRANT THAT THE SUBSCRIPTION OR THE FUNCTIONS CONTAINED IN THE SOFTWARE AS A SaaS OR SERVICES OFFERED THERETO WILL MEET THE SUBSCRIBER’S OR USERS’ REQUIREMENTS, THAT THE OPERATION OF ANY OF THE SOFTWARE WILL BE UNINTERRUPTED OR THE SERVICES WILL OPERATE IN COMBINATION WITH THE SUBSCRIBER’S OR USERS’ CONTENT OR SUBSCRIBER’S APP, OR WITH ANY OTHER HARDWARE, SOFTWARE, SYSTEMS OR DATA NOT PROVIDED BY CUBYTS. THE SUBSCRIBER ACKNOWLEDGES THAT  CUBYTS DOES NOT CONTROL THE TRANSFER OF DATA OVER COMMUNICATIONS FACILITIES, INCLUDING, THE INTERNET, AND THAT THE SERVICES MAY BE SUBJECT TO LIMITATIONS, DELAYS, AND OTHER PROBLEMS INHERENT IN THE USE OF SUCH COMMUNICATIONS FACILITIES.

 

INTELLECTUAL PROPERTY RIGHTS

  1. Any and all ownership rights to the Services, Software, Documentation, Enhancements, and branding thereof, including intellectual property rights such as copyrights, trademarks, service marks and patents therein are the sole and exclusive property of Cubyts. This Agreement does not grant the Subscriber or any Users, any rights, title and interest in and to Software,  the Services, Documentation, its contents, and branding thereof including Cubyts’ intellectual property rights, except where expressly and unequivocally licensed herein. Any rights not expressly and unequivocally granted to the Subscriber or any Users are reserved by Cubyts.
  2. From time to time, the Subscriber may provide feedback, suggestions, requirements or recommendations (“Feedback”) regarding the Software or the Services. The Subscriber hereby assigns to Cubyts, all right, title and interest to such Feedback and an exclusive right to create any developments based on such Feedback. 
  3. As between Cubyts and the Subscriber, the Subscriber shall retain title to and all ownership rights in the Subscriber Content.  The Subscriber shall grant to Cubyts a worldwide, non-exclusive and non-transferable limited-term license to host, copy, transmit, analyse, process, display, store, configure, and perform the Subscriber Content, solely as necessary to provide the Services to the Subscriber or for the functioning of the Software.

 

CONFIDENTIALITY

  1. “Confidential Information” shall mean information disclosed by one Party to the other and which includes, without limitation the Software, Documentation, Enhancements, Fixes, financial, business, technical and marketing information, business plans, methods, processes, inventions, techniques, designs, data, know-how, ideas, concepts, strategies, trade secrets and the Services and such other information. Confidential Information does not include information which: (a) is in the public domain without disclosure by the Party and without breach of any agreement or confidentiality obligation; (b) was known to the Party at the time such disclosure was made, or becomes known to the Party without breach of any confidentiality agreement; (c) is independently developed by either Party without violating any confidentiality obligations stated herein or access or use of either Party’s Confidential Information, as evidenced by written records.
  2. The receiving Party shall only use the Confidential Information for the purpose, for which it is disclosed. Furthermore, the receiving Party shall keep Confidential Information and data received from the disclosing Party, in strict confidence and shall not disclose it to any third Parties, except to a limited group of receiving Party’s directors, officers, agents, authorized representatives on a need-to-know basis.
  3. Upon request by the disclosing Party, the receiving Party shall immediately return to the disclosing Party, all Confidential Information disclosed by the disclosing Party and all copies thereof. All such information shall be and shall remain the sole property of the disclosing Party.
  4. The confidentiality obligations stated herein shall survive for a period of five (5) years from the date of termination or expiration of the Agreement.
  5. The receiving Party agrees that any violation of the confidentiality obligations will cause irreparable injury to the disclosing Party, entitling the disclosing Party to obtain injunctive relief in addition to all legal remedies.

 

INDEMNITY

The Subscriber shall indemnify, hold harmless and defend Cubyts, its directors, officers, employees, representatives, and its Affiliates against any costs or damages arising out of or in connection with any claim relating to (i) the Subscriber’s or Users’ breach of or violation of applicable laws and regulations or (ii) use of the Software or the Services other than as permitted under the Agreement, or (iii) any act or omission of the User, including violation or breach of any terms of the Agreement or, (iv) any breach by the Subscriber of its confidentiality obligations, or (v) breach by the Subscriber of its responsibilities or any representations and warranties under the Agreement, or (vi) a third party claim made against Cubyts for infringement or misappropriation based upon following conduct of the Subscriber or its Users: (a) the Subscriber’s or Users’ combination or use of the Software or the Services with software, services, or products developed by the Subscriber or third parties; (b) the Subscriber Content or any Subscriber material infringes any patent, copyright or trademark, or misappropriates any trade secret or (c) third party claim made against Cubyts for accessing the personal information or any other data of the Users.

LIMITATION OF LIABILITY

NEITHER PARTY SHALL BE LIABLE TO THE OTHER FOR ANY INDIRECT, CONSEQUENTIAL, INCIDENTAL, EXEMPLARY OR SPECIAL DAMAGES, HOWSOEVER CAUSED, IN CONNECTION WITH THE AGREEMENT, EVEN IF THE OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 

 

NOTWITHSTANDING THE FOREGOING, THE MAXIMUM AGGREGATE LIABILITY OF CUBYTS (WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE)) HEREUNDER FOR ALL DAMAGES, UNDER OR IN CONNECTION WITH THE AGREEMENT, REGARDLESS OF THE FORM OF ACTION, SHALL BE LIMITED TO THREE MONTHS OF THE FEES FOR SUBSCRIPTION, PAID BY THE SUBSCRIBER UNDER THE AGREEMENT, UNDER WHICH THE CLAIM HAS ARISEN. NO CLAIM AGAINST CUBYTS MAY BE BROUGHT MORE THAN ONE (1) YEAR AFTER THE FACTS GIVING RISE TO SUCH CLAIM HAVE ARISEN. THE FOREGOING LIMITATIONS OF LIABILITY AND EXCLUSIONS OF DAMAGES IN THIS CLAUSE 13 FORM AN ESSENTIAL BASIS OF THE AGREEMENT AND SHALL APPLY, NOTWITHSTANDING THE FAILURE OF ESSENTIAL PURPOSE OF ANY LIMITED WARRANTY OR REMEDY HEREIN.

 

TERM AND TERMINATION

  1. The Subscription is granted to the Subscriber for the period as mentioned in the Annexure A (“Initial Subscription Term”). Unless the Subscription is terminated in accordance with the Agreement,  subject to payment of applicable Fees, the Subscription shall automatically be renewed for a period of similar duration as that of the Initial Subscription Term (“Renewal Subscription Term”). The Initial Subscription Term and the Renewal Subscription Term shall collectively be referred as (the “Subscription Term”). The Subscription Term shall be effective from the actual date of the Subscription to the Services. 
  2. Either Party may terminate the Subscription without cause, by giving a prior written notice  to the other Party. However, in the event the Subscriber terminates the Subscription for cause, it shall not be entitled to any refund of the Fees, for the remainder of the Subscription Term. 
  3. Either Party may terminate the Subscription, in the event that (i) the other Party is in default of any of its material obligations hereunder and such default is not remedied within thirty (30) days of receipt of written notice thereof or (ii) immediately, if the other Party is adjudicated bankrupt or becomes insolvent, makes any assignment for the benefit of creditors, proceedings are instituted by the other Party seeking relief, reorganization or rearrangement under any laws relating to insolvency, bankruptcy or similar laws of any jurisdiction, a receiver, liquidator or trustee is appointed in respect of any property or assets of the other Party or an order is made for the liquidation, dissolution or winding up of the other Party. 
  4. Cubyts may terminate the Subscription, by giving a prior written notice  to the Subscriber, if the Subscription is inactive for a continued period of six (6) months or the Subscriber ceases to do business.  
  5. Upon the expiry of the Subscription Term or any termination of the Subscription, the Subscriber’s Subscription to the Software and the Services, shall immediately cease and at Cubyts’ discretion, the Subscriber will return/ delete/ destroy any materials (including any Confidential Information) provided by Cubyts to the Subscriber.

 

NON-SOLICITATION

Each Party agrees that it will not, during the Subscription Term of the Agreement and for a period of one (1) year after the termination or expiration of the Subscription, directly or indirectly, solicit the services of (for employment, consulting or otherwise), accept the services of, or employ or engage any person who is employed by the other Party.

INTERPRETATION

This Agreement will, in all events, be construed as a whole, according to their fair meaning, and not strictly for or against a Party, merely because that Party (or the Party’s legal representative) drafted the Agreement. The headings, titles, and captions contained in the Agreement are merely for reference and do not define, limit, extend, or describe the scope of the Agreement or any provision herein. Unless the context requires otherwise, (a) the gender (or lack of gender) of all words used in the Agreement includes the masculine, feminine, and neutral, and (b) the word “including” means “including, without limitation”.

 

FORCE MAJEURE

  1. Except for the obligation of the Subscriber to pay the Fees, in any event or combination of events or circumstances beyond the control of a Party which cannot (a) by the exercise of reasonable diligence, or (b) despite the adoption of reasonable precaution and/or alternative measures be prevented, or caused to be prevented, and which materially and adversely affects a Party’s ability to perform obligations under the Agreement, including but not limited to:
    1. Acts of God i.e. fire, drought, flood, earthquake, and other disasters;
    2. Epidemics, pandemics, explosions or accidents;
    3. Demonetization and other government policy changes;
    4. Quarantine situations, governmental orders, lockdowns, strikes or lockouts;
    5. Any change in law; or
    6. Any event or circumstances analogous to the foregoing,

     the Parties will not hold each other liable for their non-performance of its obligations as set out in the Agreement. Either Party shall have a right to suspend or terminate the Agreement in case such force majeure conditions persist for a period exceeding sixty (60) days.

 

SEVERABILITY

If any provisions of the Agreement are determined to be invalid, illegal or unenforceable in any respect, including because of the duration thereof, the area covered thereby, or the types of activities restricted thereby, by a court of competent jurisdiction (a) the validity, legality or enforceability of the remaining provisions contained herein shall not, in any way be affected or impaired thereby, and (b) the court of competent jurisdiction making such determination shall have the power to reduce the duration and/or area of such provisions or types of activities restricted and/or to delete specific words or phrases and in its reduced form, such provision shall then be enforceable. The Parties may, acting in good faith, adopt any and all actions required to cause such invalid, illegal and unenforceable provision to be validated and enforced, or, alternatively, to reach an agreement in relation to said null provision whereby each of the Party receives, as far as possible, substantially the same benefits and obligations based on valid provisions, provided that the Agreement is not enforced in a form that materially affects the commercial agreement between the Parties.

 

ASSIGNMENT AND DELEGATION

The Subscriber shall not assign its rights and obligations under the Agreement. Cubyts may assign its rights and obligations under the Agreement, in conjunction with the sale of substantial assets, divestiture, merger or amalgamation, or to its Affiliate, and may delegate or subcontract its duties. Any unauthorized assignment of rights and obligations under the Agreement is void.

 

PUBLICITY 

Cubyts shall have the right to use the Subscriber’s name or logo for promotional purposes or otherwise publicly announce or comment on the Agreement, with Subscriber’s prior written consent, provided that such consent shall not be unreasonably withheld, subject only to compliance by Cubyts of its confidentiality obligations hereunder. 

 

WAIVER

Failure to exercise, or any delay in exercising, any right or remedy provided under the Agreement shall not constitute a waiver of that or any other right or remedy, nor shall it preclude or restrict any further exercise of that or any other right or remedy. No single or partial exercise of any right or remedy provided under the Agreement or by law shall preclude or restrict the further exercise of that or any other right or remedy.

 

GOVERNING LAWS

This Agreement and all rights and obligations under the Agreement shall, in all respects, be governed by and construed and enforced in accordance with the laws of the State of Delaware and the courts of the State of Delaware shall have the exclusive jurisdiction to adjudicate any subject matter under the Agreement.

 

NON-COMPETE 

The Subscriber shall not create any software, solutions or services thereof, where such platform, solution or services are the same or substantially similar to the Software or Services or performs a similar function as the Software. 

 

ORDER OF PRECEDENCE

If there is any conflict between an invoice duly raised by Cubyts and the Agreement, then the Agreement will govern for all purposes, except to the extent that the invoice provides for any commercial and payment terms and Fees, in which case such terms of the invoice will be applicable.

 

NOTICES

All notices and other communications required or permitted to be given under the provisions of the Agreement shall be in writing (which term includes electronic mail or email) in English language and shall be deemed to be received upon the earlier of: (i) delivery, if by hand; or (ii) upon receipt, if sent by mail (followed by a registered mail, return receipt requested, postage prepaid) or by an internationally recognized courier service or (iii) addressed to the intended recipient at his/her email address, to the following persons at the following addresses or email addresses, or to such other persons at such other addresses or email addresses as any Party may request by notice in writing to the other Party to the Agreement. All such notices to Cubyts shall be addressed to: 

 

Name: Shashank Deshpande

Address: 16192 Coastal Highway, Lewes, County of Sussex Delaware, USA

Attention: Co-founder and Chief Business Officer

Email: shashank@cubyts.com

 

INDEPENDENT CONTRACTOR 

The Parties are independent contractors and none of their personnel or sub-contractors are agents, representatives or employees of any other Party. No Party owes a fiduciary duty to any other Party.  No Party shall have the authority to bind or make any representations on behalf of any other Party, and no Party shall hold itself out as such or knowingly permit another to rely on such belief.

 

SURVIVAL

If the Subscription is terminated in accordance with the Agreement hereof, the Agreement shall become void and of no further force and effect and neither Party shall have any right or obligation or liability to the other Party under the Agreement, provided however that, the provisions which are necessary to survive, to give effect to the essential purpose of the Agreement, shall survive the termination of such Subscription, without limit in time.

 

ENTIRE AGREEMENT

This Agreement constitutes the entire agreement between the Parties and supersedes any prior understanding or representation of any kind preceding the date of the Agreement, and may not be amended, supplemented, varied or otherwise changed, except in writing. There are no other promises, conditions, understandings or other agreements, whether oral or written, relating to the subject matter of the Agreement. Each Party acknowledges that, in agreeing to the Agreement, it has not relied on, and shall have no right or remedy in respect of, any statement, representation, assurance or warranty, other than as expressly set out in the Agreement. This Agreement may be modified by Cubyts, at any time, in its sole discretion.

 

ELECTRONIC RECORD

This Agreement is an electronic record in terms of the applicable laws. This electronic record is generated by a computer system and does not require any physical or digital signatures. This document is published in accordance with the provisions of applicable laws.

 

GRIEVANCE REDRESSAL

The Subscriber agrees to use the Software and Limited Subscription at its own risk. If the Subscriber has any questions, complaints or claims with respect to the Software or Limited Subscription, it should contact support@cubyts.com.

 

MODIFICATIONS

Cubyts may update this Agreement in its own discretion. Cubyts hereby encourages Subscriber to check this Agreement on a regular basis to be aware of the changes made to it, which are also available on https://cubyts.com/legal/#SaaS

 

“I ACCEPT”

 

ANNEXURE A – DETAILS OF THE SOFTWARE

 

The subscriber shall be offered a 2-month trial of the Cubyts Team plan upon signing up for the platform. Beyond 2 months, the subscriber shall be required to pay for the service to continue to avail the services of the platform. The Teams (Freemium) plan shall offer the following features to the subscriber:

  • Manage Unlimited Design Projects.
  • Manage and Share Best Practices.
  • Access to Project and Workspace repositories.
  • Up to 100 GB space for physical documents.
  • Unlimited Project and Workspace viewers.
  • Access to all drive integrations.
  • Access to all strategic integrations (as and when they are available).
  • Manage Comprehensive Roles & Authorisation.

 

ANNEXURE B – SUPPORT SERVICES

The Subscriber may write to support@cubyts.com or use the in-platform feedback option to raise a support ticket; the support ticket shall be responded to and resolved (if required) by the Cubyts Support Team at the earliest.

Data Processing Addendum

This Data Processing Addendum (hereinafter “DPA”) forms part of the Subscription Agreement (or other similarly titled written or electronic agreement addressing the same subject matter) (“Agreement”) between customer (the “Controller”), and Cubyts, at 16192 Coastal Highway, Lewes, County of Sussex Delaware, USA (the “Processor”), under which the Processor provides the Controller the platform and services (the “Services”). The Controller and the Processor are individually referred to as “Party” and collectively as “Parties”.

The Parties seek to implement this DPA in order to comply with the requirements of EU and UK Data Protection Law (defined hereunder) in relation to Processor’s Processing of Personal Data (each capitalised term as defined under the EU and UK Data Protection Law) as part of its obligations under the Agreement. The terms “Process”, “Processing” and “Personal Data” used in this DPA shall have the same meaning as defined in the EU and UK Data Protection Law.

This DPA shall apply to Processor’s Processing of Personal Data, whether provided by the Controller or its client (the “Client”) or/and its affiliates, or otherwise, as part of Processor’s obligations under the Agreement. 

Except as modified below, the terms of the Agreement shall remain in full force and effect.   

  • Definitions.

Capitalized terms not otherwise defined herein shall have the meaning given to them in the EU and UK Data Protection Law or the Agreement. The following terms shall have the corresponding meanings assigned to them below: 

  1. “Data Transfer” means (1) a transfer of the Personal Data from the Client to Controller or the Processor on behalf of the Controller; or (2) an onward transfer of the Personal Data from the Controller to the Processor, or between two establishments of the Processor, or with a Subprocessor by the Processor.
  2. “EU and UK Data Protection Law” means the EU General Data Protection Regulation 2016/679 “GDPR”, and any applicable national laws made under the GDPR, and any regulation superseding any of the foregoing and the UK Data Protection Law.
  3. “EU Standard Contractual Clauses” means the contractual clauses attached hereto as Schedule 1 pursuant to the European Commission’s IMPLEMENTING DECISION (EU) 2021/914 of 4 June 2021 on Standard Contractual Clauses for the transfer of Personal Data to processors established in third countries which do not ensure an adequate level of data protection or any updated version thereof.
  4. “ITDA” means International Data Transfer Addendum to the EU Standard Contractual Clauses, the contractual clauses attached hereto as Schedule 2, issued by the commissioner under S119A(1) Data Protection Act 2018.
  5. “Subprocessor” means a processor/ sub-contractor appointed by the Processor for the provision of all or parts of the Services and who Processes the Personal Data as provided by the Controller and/or the Processor.
  6. “UK Data Protection Law” means the UK GDPR, the United Kingdom Data Protection Act 2018, the Privacy and Electronic Communications Regulations, and any regulation superseding any of the foregoing.
  1. Purpose of this Addendum:

This DPA sets out various obligations of the Processor in relation to the Processing of Personal Data and shall be limited to the Processor’s obligations under the Agreement. If there is a conflict between the provisions of the Agreement and this DPA, the provisions of this DPA shall prevail.

    1. Categories of Personal Data and Data Subjects. The Controller authorizes the Processor to Process such Personal Data the extent of which is determined and controlled by the Controller. The current nature of the Personal Data is specified in Annex 1 to Schedule 1 and Appendix 1 to Schedule 2 to this DPA.
  • Purpose of Processing. The objective of Processing of Personal Data by the Processor shall be limited to the Processor’s provision of the Services to the Controller/ its Client, pursuant to the Agreement. 
  • Controller’s Processing of Personal Data. The Controller warrants that it has the right and authority to request the Processor to Process the Personal Data and that its instructions for the Processing of Personal Data shall comply with applicable data protection laws and regulations. The Controller shall have sole responsibility for the accuracy, quality, and legality of Personal Data, and the means by which the Controller acquired Personal Data.
  • Duration of Processing. The Processor will Process Personal Data for the duration of the Agreement, unless otherwise agreed upon in writing by the Controller.
  1. The Processor’s obligations.
  1. The Processor will follow written and documented instructions received, including by email, from the Controller, its affiliate, agents or personnel, with respect to the Processing of Personal Data (each, an “Instruction”).
  2. The Processing described in the Agreement and the relating documentation shall be considered as Instruction from the Controller.
  3. At the Controller’s request, the Processor will provide reasonable assistance to the Controller in responding to/ complying with requests / directions by Data Subject in exercising their rights or of the applicable regulatory authorities regarding Processor’s Processing of Personal Data.
    1. Data Secrecy. To Process the Personal Data, the Processor will only use personnel who are (i) informed of the confidential nature of the Personal Data, (ii) actually performing the Services in accordance with the Agreement. The Processor will regularly train individuals having access to Personal Data in data security and data privacy in accordance with accepted industry practice and shall ensure that all the Personal Data is kept as strictly confidential. Further, the Processor will maintain appropriate technical and organizational measures for protection of the security, confidentiality and integrity of the Personal Data as per the specifications as per the standards mutually agreed in writing by the Parties. For this clause, an email form of communication by the Parties in determining project specific security standards shall be accepted.
    2. Data Protection Impact Assessments. Upon Controller’s request, the Processor will provide the Controller with reasonable cooperation and assistance needed to fulfil the Controller’s obligation under the EU and UK Data Protection Law to carry out a data protection impact assessment related to the Controller’s use of the Services.
  • Audit Rights
  1. Upon Controller’s reasonable request, the Processor will make available to the Controller, information as is reasonably necessary to demonstrate Processor’s compliance with its obligations under the GDPR or other applicable laws in respect of its Processing of the Personal Data. When the Controller wishes to conduct the audit (by itself or through a representative) at Processor’s site, it shall provide at least fifteen (15) days’ prior written notice to the Processor; the Processor will provide reasonable cooperation and assistance in relation to audits, including inspections, conducted by the Controller or its representative. 
  2. The Controller shall bear the expense of such an audit.
    1. Mechanism of Data Transfers. Any Data Transfer for the purpose of Processing by the Processor in a country outside the European Economic Area (the “EEA”) shall only take place in compliance with the EU Standard Contractual Clauses and UK Standard Contractual Clauses as detailed in Schedule 1 and Schedule 2 to the DPA as the case may be. Where such model clauses have not been executed at the same time as this DPA, the Processor shall not unduly withhold the execution of such template model clauses, where the transfer of Personal Data outside of the EEA is required for the performance of the Agreement.
  • Sub processors.
  1. The Controller acknowledges and agrees that the Processor may engage a third-party Sub processor(s) in connection with the performance of the Services. The current Sub processors engaged by the Processor and approved by the Controller are listed in Schedule 2 hereto. The Processor shall remain liable to Controller for any failure on behalf of a Sub processor to fulfil its data protection obligations under the DPA in connection with the performance of the Services.
  2. The Processor shall execute the appropriate written agreements with the Sub processors in accordance with, and not less protective than, the provisions of this DPA.
  3. If the Controller has a concern that the Sub processor(s) Processing of Personal Data is reasonably likely to cause the Controller to breach its data protection obligations under the GDPR, the Controller may object to Processor’s use of such Sub processor and the Processor shall comply with the directions/ Instructions of the Controller. 
  • Personal Data Breach Notification.
  1. The Processor shall maintain defined procedures in case of a Personal Data Breach (as defined under the EU and UK Data Protection Law) and shall without undue delay notify Controller if it becomes aware of any Personal Data Breach, unless such Data Breach is unlikely to result in a risk to the rights and freedoms of natural persons. 
  2. The Processor shall provide the Controller with all reasonable assistance to comply with the notification of Personal Data Breach to Supervisory Authority and/or the Data Subject, to identify the cause of such Data Breach and take such commercially reasonable steps as reasonably required to mitigate and remedy such Data Breach. 
  3. No Acknowledgement of Fault by Processor. Processor’s notification of or response to a Personal Data Breach under this DPA will not be construed as an acknowledgement by Processor of any fault or liability with respect to the data incident.
  • Return and Deletion of Personal Data.
    1. The Processor shall at least thirty (30) days from the end of the Agreement or cessation of the Processor’s Services under the Agreement, whichever occurs earlier, return to the Controller all the Personal Data, or if the Controller so instructs, the Processor shall have the Personal Data deleted. The Processor shall return such Personal Data in a commonly used format or in the then current format in which it was stored at discretion of the Controller, as soon as reasonably practicable following receipt of Controller’s notification.
  • In any case, the Processor shall delete Personal Data including all the copies of it as soon as reasonably practicable following the end of the Agreement. 
  1. Technical and Organizational Measures. Having regard to the state of technological development and the cost of implementing any measures, the Processor will take appropriate technical and organizational measures against the unauthorized or unlawful processing of Personal Data and against the accidental loss or destruction of, or damage to, Personal Data to ensure a level of security appropriate to: (a) the harm that might result from unauthorized or unlawful processing or accidental loss, destruction or damage; and (b) the nature of the data to be protected [including the measures stated in Annex 2 of Schedule 1 and Appendix 2 of Schedule 2].

 

Schedule 1

SECTION I

Clause 1

Purpose and scope

(a) The purpose of these standard contractual clauses is to ensure compliance with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) 

(b) The Parties:

  • (i) the natural or legal person(s), public authority/ies, agency/ies or other body/ies (hereinafter ‘entity/ies’) transferring the personal data, as listed in Annex I.A (hereinafter each ‘data exporter’), and
  • (ii) the entity/ies in a third country receiving the personal data from the data exporter, directly or indirectly via another entity also Party to these Clauses, as listed in Annex I.A (hereinafter each ‘data importer’) have agreed to these standard contractual clauses (hereinafter: ‘Clauses’).

(c) These Clauses apply with respect to the transfer of personal data as specified in Annex I.B.

(d) The Appendix to these Clauses containing the Annexes referred to therein forms an integral part of these Clauses.

Clause 2

Effect and invariability of the Clauses

(a) These Clauses set out appropriate safeguards, including enforceable data subject rights and effective legal remedies, pursuant to Article 46(1) and Article 46(2)(c) of Regulation (EU) 2016/679 and, with respect to data transfers from controllers to processors and/or processors to processors, standard contractual clauses pursuant to Article 28(7) of Regulation (EU) 2016/679, provided they are not modified, except to select the appropriate Module(s) or to add or update information in the Appendix. This does not prevent the Parties from including the standard contractual clauses laid down in these Clauses in a wider contract and/or to add other clauses or additional safeguards, provided that they do not contradict, directly or indirectly, these Clauses or prejudice the fundamental rights or freedoms of data subjects.

(b) These Clauses are without prejudice to obligations to which the data exporter is subject by virtue of Regulation (EU) 2016/679.

Clause 3

Third-party beneficiaries

(a) Data subjects may invoke and enforce these Clauses, as third-party beneficiaries, against the data exporter and/or data importer, with the following exceptions:

(i) Clause 1, Clause 2, Clause 3, Clause 6, Clause 7;

(ii) Clause 8.1(b), 8.9(a), (c), (d) and (e); 

(iii) Clause 9(a), (c), (d) and (e);

(iv) Clause 12(a), (d) and (f);

(v) Clause 13;

(vi) Clause 15.1(c), (d) and (e);

(vii) Clause 16(e);

(viii) Clause 18(a) and (b);

(b) Paragraph (a) is without prejudice to rights of data subjects under Regulation (EU) 2016/679.

Clause 4

Interpretation

(a) Where these Clauses use terms that are defined in Regulation (EU) 2016/679, those terms shall have the same meaning as in that Regulation.

(b) These Clauses shall be read and interpreted in the light of the provisions of Regulation (EU) 2016/679.

(c) These Clauses shall not be interpreted in a way that conflicts with rights and obligations provided for in Regulation (EU) 2016/679.

Clause 5

Hierarchy

In the event of a contradiction between these Clauses and the provisions of related agreements between the Parties, existing at the time these Clauses are agreed or entered into thereafter, these Clauses shall prevail.

Clause 6

Description of the transfer(s)

The details of the transfer(s), and in particular the categories of personal data that are transferred and the purpose(s) for which they are transferred, are specified in Annex I.B.

Clause 7

Docking clause

(a) An entity that is not a Party to these Clauses may, with the agreement of the Parties, accede to these Clauses at any time, either as a data exporter or as a data importer, by completing the Appendix and signing Annex I.A.

(b) Once it has completed the Appendix and signed Annex I.A, the acceding entity shall become a Party to these Clauses and have the rights and obligations of a data exporter or data importer in accordance with its designation in Annex I.A.

(c) The acceding entity shall have no rights or obligations arising under these Clauses from the period prior to becoming a Party.

SECTION II – OBLIGATIONS OF THE PARTIES

Clause 8

Data protection safeguards

The data exporter warrants that it has used reasonable efforts to determine that the data importer is able, through the implementation of appropriate technical and organisational measures, to satisfy its obligations under these Clauses.

8.1 Instructions

(a) The data importer shall process the personal data only on documented instructions from the data exporter. The data exporter may give such instructions throughout the duration of the contract.

(b) The data importer shall immediately inform the data exporter if it is unable to follow those instructions.

8.2 Purpose limitation

The data importer shall process the personal data only for the specific purpose(s) of the transfer, as set out in Annex I.B, unless on further instructions from the data exporter.

8.3 Transparency

On request, the data exporter shall make a copy of these Clauses, including the Appendix as completed by the Parties, available to the data subject free of charge. To the extent necessary to protect business secrets or other confidential information, including the measures described in Annex II and personal data, the data exporter may redact part of the text of the Appendix to these Clauses prior to sharing a copy, but shall provide a meaningful summary where the data subject would otherwise not be able to understand its content or exercise his/her rights. On request, the Parties shall provide the data subject with the reasons for the redactions, to the extent possible without revealing the redacted information. This Clause is without prejudice to the obligations of the data exporter under Articles 13 and 14 of Regulation (EU) 2016/679.

8.4 Accuracy

If the data importer becomes aware that the personal data it has received is inaccurate, or has become outdated, it shall inform the data exporter without undue delay. In this case, the data importer shall cooperate with the data exporter to erase or rectify the data.

8.5 Duration of processing and erasure or return of data

Processing by the data importer shall only take place for the duration specified in Annex I.B. After the end of the provision of the processing services, the data importer shall, at the choice of the data exporter, delete all personal data processed on behalf of the data exporter and certify to the data exporter that it has done so, or return to the data exporter all personal data processed on its behalf and delete existing copies. Until the data is deleted or returned, the data importer shall continue to ensure compliance with these Clauses. In case of local laws applicable to the data importer that prohibit return or deletion of the personal data, the data importer warrants that it will continue to ensure compliance with these Clauses and will only process it to the extent and for as long as required under that local law. This is without prejudice to Clause 14, in particular the requirement for the data importer under Clause 14(e) to notify the data exporter throughout the duration of the contract if it has reason to believe that it is or has become subject to laws or practices not in line with the requirements under Clause 14(a).

8.6 Security of processing

(a) The data importer and, during transmission, also the data exporter shall implement appropriate technical and organisational measures to ensure the security of the data, including protection against a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access to that data (hereinafter ‘personal data breach’). In assessing the appropriate level of security, the Parties shall take due account of the state of the art, the costs of implementation, the nature, scope, context and purpose(s) of processing and the risks involved in the processing for the data subjects. The Parties shall in particular consider having recourse to encryption or pseudonymisation, including during transmission, where the purpose of processing can be fulfilled in that manner. In case of pseudonymisation, the additional information for attributing the personal data to a specific data subject shall, where possible, remain under the exclusive control of the data exporter. In complying with its obligations under this paragraph, the data importer shall at least implement the technical and organisational measures specified in Annex II. The data importer shall carry out regular checks to ensure that these measures continue to provide an appropriate level of security.

(b) The data importer shall grant access to the personal data to members of its personnel only to the extent strictly necessary for the implementation, management and monitoring of the contract. It shall ensure that persons authorised to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.

(c) In the event of a personal data breach concerning personal data processed by the data importer under these Clauses, the data importer shall take appropriate measures to address the breach, including measures to mitigate its adverse effects. The data importer shall also notify the data exporter without undue delay after having become aware of the breach. Such notification shall contain the details of a contact point where more information can be obtained, a description of the nature of the breach (including, where possible, categories and approximate number of data subjects and personal data records concerned), its likely consequences and the measures taken or proposed to address the breach including, where appropriate, measures to mitigate its possible adverse effects. Where, and in so far as, it is not possible to provide all information at the same time, the initial notification shall contain the information then available and further information shall, as it becomes available, subsequently be provided without undue delay.

(d) The data importer shall cooperate with and assist the data exporter to enable the data exporter to comply with its obligations under Regulation (EU) 2016/679, in particular to notify the competent supervisory authority and the affected data subjects, taking into account the nature of processing and the information available to the data importer.

8.7 Sensitive data

Where the transfer involves personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, or biometric data for the purpose of uniquely identifying a natural person, data concerning health or a person’s sex life or sexual orientation, or data relating to criminal convictions and offences (hereinafter ‘sensitive data’), the data importer shall apply the specific restrictions and/or additional safeguards described in Annex I.B.

8.8 Onward transfers

The data importer shall only disclose the personal data to a third party on documented instructions from the data exporter. In addition, the data may only be disclosed to a third party located outside the European Union 

(i) the onward transfer is to a country benefitting from an adequacy decision pursuant to Article 45 of Regulation (EU) 2016/679 that covers the onward transfer;

(ii) the third party otherwise ensures appropriate safeguards pursuant to Articles 46 or 47 of Regulation (EU) 2016/679 with respect to the processing in question;

(iii) the onward transfer is necessary for the establishment, exercise or defence of legal claims in the context of specific administrative, regulatory or judicial proceedings; or

(iv) the onward transfer is necessary in order to protect the vital interests of the data subject or of another natural person.

Any onward transfer is subject to compliance by the data importer with all the other safeguards under these Clauses, in particular purpose limitation.

8.9 Documentation and compliance

(a) The data importer shall promptly and adequately deal with enquiries from the data exporter that relate to the processing under these Clauses.

(b) The Parties shall be able to demonstrate compliance with these Clauses. In particular, the data importer shall keep appropriate documentation on the processing activities carried out on behalf of the data exporter.

(c) The data importer shall make available to the data exporter all information necessary to demonstrate compliance with the obligations set out in these Clauses and at the data exporter’s request, allow for and contribute to audits of the processing activities covered by these Clauses, at reasonable intervals or if there are indications of non-compliance. In deciding on a review or audit, the data exporter may take into account relevant certifications held by the data importer.

(d) The data exporter may choose to conduct the audit by itself or mandate an independent auditor. Audits may include inspections at the premises or physical facilities of the data importer and shall, where appropriate, be carried out with reasonable notice.

(e) The Parties shall make the information referred to in paragraphs (b) and (c), including the results of any audits, available to the competent supervisory authority on request.

Clause 9

Use of sub-processors

(a) The data importer has the data exporter’s general authorisation for the engagement of sub-processor(s) from an agreed list. The data importer shall specifically inform the data exporter in writing of any intended changes to that list through the addition or replacement of sub-processors at least 30 days in advance, thereby giving the data exporter sufficient time to be able to object to such changes prior to the engagement of the sub-processor(s). The data importer shall provide the data exporter with the information necessary to enable the data exporter to exercise its right to object.

(b) Where the data importer engages a sub-processor to carry out specific processing activities (on behalf of the data exporter), it shall do so by way of a written contract that provides for, in substance, the same data protection obligations as those binding the data importer under these Clauses, including in terms of third-party beneficiary rights for data subjects. 

(c) The data importer shall provide, at the data exporter’s request, a copy of such a sub-processor agreement and any subsequent amendments to the data exporter. To the extent necessary to protect business secrets or other confidential information, including personal data, the data importer may redact the text of the agreement prior to sharing a copy.

(d) The data importer shall remain fully responsible to the data exporter for the performance of the sub-processor’s obligations under its contract with the data importer. The data importer shall notify the data exporter of any failure by the sub-processor to fulfil its obligations under that contract.

(e) The data importer shall agree a third-party beneficiary clause with the sub-processor whereby – in the event the data importer has factually disappeared, ceased to exist in law or has become insolvent – the data exporter shall have the right to terminate the sub-processor contract and to instruct the sub-processor to erase or return the personal data.

 

Clause 10

Data subject rights

(a) The data importer shall promptly notify the data exporter of any request it has received from a data subject. It shall not respond to that request itself unless it has been authorised to do so by the data exporter.

(b) The data importer shall assist the data exporter in fulfilling its obligations to respond to data subjects’ requests for the exercise of their rights under Regulation (EU) 2016/679. In this regard, the Parties shall set out in Annex II the appropriate technical and organisational measures, taking into account the nature of the processing, by which the assistance shall be provided, as well as the scope and the extent of the assistance required.

(c) In fulfilling its obligations under paragraphs (a) and (b), the data importer shall comply with the instructions from the data exporter.

Clause 11

Redress

(a) The data importer shall inform data subjects in a transparent and easily accessible format, through individual notice or on its website, of a contact point authorised to handle complaints. It shall deal promptly with any complaints it receives from a data subject.

(b) In case of a dispute between a data subject and one of the Parties as regards compliance with these Clauses, that Party shall use its best efforts to resolve the issue amicably in a timely fashion. The Parties shall keep each other informed about such disputes and, where appropriate, cooperate in resolving them.

(c) Where the data subject invokes a third-party beneficiary right pursuant to Clause 3, the data importer shall accept the decision of the data subject to:

(i) lodge a complaint with the supervisory authority in the Member State of his/her habitual residence or place of work, or the competent supervisory authority pursuant to Clause 13;

(ii) refer the dispute to the competent courts within the meaning of Clause 18.

(d) The Parties accept that the data subject may be represented by a not-for-profit body, organisation or association under the conditions set out in Article 80(1) of Regulation (EU) 2016/679.

(e) The data importer shall abide by a decision that is binding under the applicable EU or Member State law.

(f) The data importer agrees that the choice made by the data subject will not prejudice his/her substantive and procedural rights to seek remedies in accordance with applicable laws.

Clause 12

Liability

(a) Each Party shall be liable to the other Party/ies for any damages it causes the other Party/ies by any breach of these Clauses.

(b) The data importer shall be liable to the data subject, and the data subject shall be entitled to receive compensation, for any material or non-material damages the data importer or its sub-processor causes the data subject by breaching the third-party beneficiary rights under these Clauses.

(c) Notwithstanding paragraph (b), the data exporter shall be liable to the data subject, and the data subject shall be entitled to receive compensation, for any material or non-material damages the data exporter or the data importer (or its sub-processor) causes the data subject by breaching the third-party beneficiary rights under these Clauses. This is without prejudice to the liability of the data exporter and, where the data exporter is a processor acting on behalf of a controller, to the liability of the controller under Regulation (EU) 2016/679 or Regulation (EU) 2018/1725, as applicable.

(d) The Parties agree that if the data exporter is held liable under paragraph (c) for damages caused by the data importer (or its sub-processor), it shall be entitled to claim back from the data importer that part of the compensation corresponding to the data importer’s responsibility for the damage.

(e) Where more than one Party is responsible for any damage caused to the data subject as a result of a breach of these Clauses, all responsible Parties shall be jointly and severally liable and the data subject is entitled to bring an action in court against any of these Parties.

(f) The Parties agree that if one Party is held liable under paragraph (e), it shall be entitled to claim back from the other Party/ies that part of the compensation corresponding to its/their responsibility for the damage.

(g) The data importer may not invoke the conduct of a sub-processor to avoid its own liability.

 

Clause 13

Supervision

(a) Where the data exporter is established in an EU Member State: The supervisory authority with responsibility for ensuring compliance by the data exporter with Regulation (EU) 2016/679 as regards the data transfer, as indicated in Annex I.C, shall act as competent supervisory authority.

Where the data exporter is not established in an EU Member State, but falls within the territorial scope of application of Regulation (EU) 2016/679 in accordance with its Article 3(2) and has appointed a representative pursuant to Article 27(1) of Regulation (EU) 2016/679: The supervisory authority of the Member State in which the representative within the meaning of Article 27(1) of Regulation (EU) 2016/679 is established, as indicated in Annex I.C, shall act as competent supervisory authority.

Where the data exporter is not established in an EU Member State, but falls within the territorial scope of application of Regulation (EU) 2016/679 in accordance with its Article 3(2) without however having to appoint a representative pursuant to Article 27(2) of Regulation (EU) 2016/679: The supervisory authority of one of the Member States in which the data subjects whose personal data is transferred under these Clauses in relation to the offering of goods or services to them, or whose behaviour is monitored, are located, as indicated in Annex I.C, shall act as competent supervisory authority.

(b) The data importer agrees to submit itself to the jurisdiction of and cooperate with the competent supervisory authority in any procedures aimed at ensuring compliance with these Clauses. In particular, the data importer agrees to respond to enquiries, submit to audits and comply with the measures adopted by the supervisory authority, including remedial and compensatory measures. It shall provide the supervisory authority with written confirmation that the necessary actions have been taken.

 

SECTION III – LOCAL LAWS AND OBLIGATIONS IN CASE OF ACCESS BY PUBLIC AUTHORITIES

Clause 14

Local laws and practices affecting compliance with the Clauses

(a) The Parties warrant that they have no reason to believe that the laws and practices in the third country of destination applicable to the processing of the personal data by the data importer, including any requirements to disclose personal data or measures authorising access by public authorities, prevent the data importer from fulfilling its obligations under these Clauses. This is based on the understanding that laws and practices that respect the essence of the fundamental rights and freedoms and do not exceed what is necessary and proportionate in a democratic society to safeguard one of the objectives listed in Article 23(1) of Regulation (EU) 2016/679, are not in contradiction with these Clauses.

(b) The Parties declare that in providing the warranty in paragraph (a), they have taken due account in particular of the following elements:

(i) the specific circumstances of the transfer, including the length of the processing chain, the number of actors involved and the transmission channels used; intended onward transfers; the type of recipient; the purpose of processing; the categories and format of the transferred personal data; the economic sector in which the transfer occurs; the storage location of the data transferred;

(ii) the laws and practices of the third country of destination – including those requiring the disclosure of data to public authorities or authorising access by such authorities – relevant in light of the specific circumstances of the transfer, and the applicable limitations and safeguards;

(iii) any relevant contractual, technical or organisational safeguards put in place to supplement the safeguards under these Clauses, including measures applied during transmission and to the processing of the personal data in the country of destination.

(c) The data importer warrants that, in carrying out the assessment under paragraph (b), it has made its best efforts to provide the data exporter with relevant information and agrees that it will continue to cooperate with the data exporter in ensuring compliance with these Clauses.

(d) The Parties agree to document the assessment under paragraph (b) and make it available to the competent supervisory authority on request.

(e) The data importer agrees to notify the data exporter promptly if, after having agreed to these Clauses and for the duration of the contract, it has reason to believe that it is or has become subject to laws or practices not in line with the requirements under paragraph (a), including following a change in the laws of the third country or a measure (such as a disclosure request) indicating an application of such laws in practice that is not in line with the requirements in paragraph (a). 

(f) Following a notification pursuant to paragraph (e), or if the data exporter otherwise has reason to believe that the data importer can no longer fulfil its obligations under these Clauses, the data exporter shall promptly identify appropriate measures (e.g. technical or organisational measures to ensure security and confidentiality) to be adopted by the data exporter and/or data importer to address the situation. The data exporter shall suspend the data transfer if it considers that no appropriate safeguards for such transfer can be ensured, or if instructed by the competent supervisory authority to do so. In this case, the data exporter shall be entitled to terminate the contract, insofar as it concerns the processing of personal data under these Clauses. If the contract involves more than two Parties, the data exporter may exercise this right to termination only with respect to the relevant Party, unless the Parties have agreed otherwise. Where the contract is terminated pursuant to this Clause, Clause 16(d) and (e) shall apply.

Clause 15

Obligations of the data importer in case of access by public authorities

15.1 Notification

(a) The data importer agrees to notify the data exporter and, where possible, the data subject promptly (if necessary with the help of the data exporter) if it:

(i) receives a legally binding request from a public authority, including judicial authorities, under the laws of the country of destination for the disclosure of personal data transferred pursuant to these Clauses; such notification shall include information about the personal data requested, the requesting authority, the legal basis for the request and the response provided; or

(ii) becomes aware of any direct access by public authorities to personal data transferred pursuant to these Clauses in accordance with the laws of the country of destination; such notification shall include all information available to the importer.

(b) If the data importer is prohibited from notifying the data exporter and/or the data subject under the laws of the country of destination, the data importer agrees to use its best efforts to obtain a waiver of the prohibition, with a view to communicating as much information as possible, as soon as possible. The data importer agrees to document its best efforts in order to be able to demonstrate them on request of the data exporter.

(c) Where permissible under the laws of the country of destination, the data importer agrees to provide the data exporter, at regular intervals for the duration of the contract, with as much relevant information as possible on the requests received (in particular, number of requests, type of data requested, requesting authority/ies, whether requests have been challenged and the outcome of such challenges, etc.). 

(d) The data importer agrees to preserve the information pursuant to paragraphs (a) to (c) for the duration of the contract and make it available to the competent supervisory authority on request.

(e) Paragraphs (a) to (c) are without prejudice to the obligation of the data importer pursuant to Clause 14(e) and Clause 16 to inform the data exporter promptly where it is unable to comply with these Clauses.

15.2 Review of legality and data minimisation

(a) The data importer agrees to review the legality of the request for disclosure, in particular whether it remains within the powers granted to the requesting public authority, and to challenge the request if, after careful assessment, it concludes that there are reasonable grounds to consider that the request is unlawful under the laws of the country of destination, applicable obligations under international law and principles of international comity. The data importer shall, under the same conditions, pursue possibilities of appeal. When challenging a request, the data importer shall seek interim measures with a view to suspending the effects of the request until the competent judicial authority has decided on its merits. It shall not disclose the personal data requested until required to do so under the applicable procedural rules. These requirements are without prejudice to the obligations of the data importer under Clause 14(e).

(b) The data importer agrees to document its legal assessment and any challenge to the request for disclosure and, to the extent permissible under the laws of the country of destination, make the documentation available to the data exporter. It shall also make it available to the competent supervisory authority on request.

(c) The data importer agrees to provide the minimum amount of information permissible when responding to a request for disclosure, based on a reasonable interpretation of the request.

 

SECTION IV – FINAL PROVISIONS

Clause 16

Non-compliance with the Clauses and termination

(a) The data importer shall promptly inform the data exporter if it is unable to comply with these Clauses, for whatever reason.

(b) In the event that the data importer is in breach of these Clauses or unable to comply with these Clauses, the data exporter shall suspend the transfer of personal data to the data importer until compliance is again ensured or the contract is terminated. This is without prejudice to Clause 14(f).

(c) The data exporter shall be entitled to terminate the contract, insofar as it concerns the processing of personal data under these Clauses, where:

(i) the data exporter has suspended the transfer of personal data to the data importer pursuant to paragraph (b) and compliance with these Clauses is not restored within a reasonable time and in any event within one month of suspension;

(ii) the data importer is in substantial or persistent breach of these Clauses; or

(iii) the data importer fails to comply with a binding decision of a competent court or supervisory authority regarding its obligations under these Clauses.

In these cases, it shall inform the competent supervisory authority of such non-compliance. Where the contract involves more than two Parties, the data exporter may exercise this right to termination only with respect to the relevant Party, unless the Parties have agreed otherwise.

(d) Personal data that has been transferred prior to the termination of the contract pursuant to paragraph (c) shall at the choice of the data exporter immediately be returned to the data exporter or deleted in its entirety. The same shall apply to any copies of the data. The data importer shall certify the deletion of the data to the data exporter. Until the data is deleted or returned, the data importer shall continue to ensure compliance with these Clauses. In case of local laws applicable to the data importer that prohibit the return or deletion of the transferred personal data, the data importer warrants that it will continue to ensure compliance with these Clauses and will only process the data to the extent and for as long as required under that local law.

(e) Either Party may revoke its agreement to be bound by these Clauses where (i) the European Commission adopts a decision pursuant to Article 45(3) of Regulation (EU) 2016/679 that covers the transfer of personal data to which these Clauses apply; or (ii) Regulation (EU) 2016/679 becomes part of the legal framework of the country to which the personal data is transferred. This is without prejudice to other obligations applying to the processing in question under Regulation (EU) 2016/679.

 

Clause 17

Governing law

These Clauses shall be governed by the law of the EU Member States, provided such laws allow for third-party beneficiary rights. The Parties agree that this shall be the laws of Ireland.

Clause 18

Choice of forum and jurisdiction

  1. Any dispute arising from these Clauses shall be resolved by the courts of an EU Member State.
  2. The Parties agree that those shall be the courts of Ireland.
  3. A data subject may also bring legal proceedings against the data exporter and/or data importer before the courts of the Member State in which he/she has his/her habitual residence.
  4. The Parties agree to submit themselves to the jurisdiction of such courts.

 

ANNEX I

Data exporter(s): [Identity and contact details of the data exporter(s) and, where applicable, of its/their data protection officer and/or representative in the European Union]

1. Name: The entity identified as customer in the Agreement.

Address: The address for Customer specified in the Agreement.

Contact person’s name, position and contact details: The contact details associated with Customer’s account, or as otherwise specified in the Agreement.

Activities relevant to the data transferred under these Clauses: Access, Authentication & Support 

Signature and date: By using the Services to transfer Personal Data to Third Countries, the data exporter will be deemed to have signed this Annex I  

Role (controller/processor): Controller 

 

Data importer(s):  [Identity and contact details of the data importer(s), including any contact person with responsibility for data protection]

1. Name:  Cubyts Research Labs, Inc.  

Address: at 16192 Coastal Highway, Lewes, County of Sussex Delaware, USA 

Contact person’s name, position and contact details: Shashank Deshpande, Co-founder & Chief Business Officer, +1 (408) 400 3240/+91 98900 30513

Activities relevant to the data transferred under these Clauses: Personal Data is processed for access, authentication, and support.

Signature and date: 

August 15th, 2022

Role (controller/processor): Processor 

 

B. DESCRIPTION OF TRANSFER

Categories of data subjects whose personal data is transferred

Users of the Platform 

Categories of personal data transferred: Contact Details such as name, email address and company name.

Sensitive data transferred (if applicable) and applied restrictions or safeguards that fully take into consideration the nature of the data and the risks involved, such as for instance strict purpose limitation, access restrictions (including access only for staff having followed specialised training), keeping a record of access to the data, restrictions for onward transfers or additional security measures.

Not Applicable 

The frequency of the transfer (e.g. whether the data is transferred on a one-off or continuous basis).

Continuous. 

Nature of the processing

Access, Authentication & Support

Purpose(s) of the data transfer and further processing

To provide access to platform and services.

The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period

Deleted once the user is deleted by admins and within 6 months upon termination or end of the subscription.

For transfers to (sub-) processors, also specify subject matter, nature and duration of the processing

For storage and communications purpose. Duration is for the time needed to provide the platform & services.

 

C. COMPETENT SUPERVISORY AUTHORITY

The Data Protection Commission – Ireland 

 

ANNEX II

TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA

Description of the technical and organisational measures implemented by the data importer(s) (including any relevant certifications) to ensure an appropriate level of security, taking into account the nature, scope, context and purpose of the processing, and the risks for the rights and freedoms of natural persons.

  1. Data importer ensures that necessary measures are taken for pseudonymisation and encryption of personal data
  2. Data importer ensures ongoing confidentiality, integrity, availability and resilience of processing systems and services
  3. Data importer has taken measures for ensuring the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident
  4. Data importer has implemented processes for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures in order to ensure the security of the processing
  5. Data importer ensures adequate measures for user identification and authorisation.
  6. Data importer ensures the protection of data during storage and transmission
  7. Data importer has taken measures for ensuring physical security of locations at which personal data are processed
  8. Data importer has taken measures for ensuring events logging
  9. Data importer has taken measures for ensuring system configuration, including default configuration
  10. Data importer has taken measures for internal IT and IT security governance and management
  11. Data importer has taken measures for certification/assurance of processes and products
  12. Data importer has taken measures for ensuring limited data retention
  13. Data importer has taken measures for ensuring accountability
  14. For transfers to (sub-) processors, also describe the specific technical and organisational measures to be taken by the (sub-) processor to be able to provide assistance to the controller and, for transfers from a processor to a sub-processor, to the data exporter

 

ANNEX III

LIST OF SUB-PROCESSORS

The controller has authorised the use of the following sub-processors:

  1. Amazon Web Services (A subsidiary of Amazon) – Infrastructure as a Service for Cloud Hosting.
  2. Datadog – Cloud monitoring service for the Cubyts platform.
  3. Stripe – Subscriptions and payment infrastructure for the Cubyts platform.
  4. GitHub – The developer platform for the Cubyts platform.
  5. Freshdesk – The support infrastructure and tools for the Cubyts platform.
  6. Mailchimp – Marketing platform for Cubyts Sales & Marketing.
  7. HubSpot – CRM application for Cubyts Sales & Marketing.
  8. WordPress – Full stack Content Management System for Cubyts Sales & Marketing.
  9. Zoho Social – Social media reach for Cubyts Sales & Marketing.

 

ITDA

This Addendum has been issued by the Information Commissioner for Parties making Restricted Transfers. The Information Commissioner considers that it provides Appropriate Safeguards for Restricted Transfers when it is entered into as a legally binding contract.

Part 1: Tables

Table 1: Parties

Start date:

The Parties: Exporter (who sends the Restricted Transfer) and Importer (who receives the Restricted Transfer)

Parties’ details (Exporter)

Full legal name:

Trading name (if different):

Main address (if a company registered address):

Official registration number (if any) (company number or similar identifier):

Parties’ details (Importer)

Full legal name: Cubyts Research Lab Inc.

Trading name (if different):

Main address (if a company registered address): 16192 Coastal Highway, Lewes, County of Sussex Delaware, USA.

Official registration number (if any) (company number or similar identifier):

Key Contact (Exporter)

Full Name (optional):

Job Title:

Contact details including email:

Key Contact (Importer)

Full Name (optional): Shashank Deshpande

Job Title: Co-founder & Chief Business Officer

Contact details including email: +1 (408) 400 3240/+91 98900 30513, shashank@cubyts.com

Signature (if required for the purposes of Section 2):

Table 2: Selected SCCs, Modules and Selected Clauses

Addendum EU SCCs ☐ The version of the Approved EU SCCs which this Addendum is appended to, detailed below, including the Appendix Information:

Date:       

Reference (if any):       

Other identifier (if any):       

Or

☐ the Approved EU SCCs, including the Appendix Information and with only the following modules, clauses or optional provisions of the Approved EU SCCs brought into effect for the purposes of this Addendum: 

Module | Module in operation | Clause 7 (Docking Clause) | Clause 11 (Option) | Clause 9a (Prior Authorisation or General Authorisation) | Clause 9a (Time period) | Is personal data received from the Importer combined with personal data collected by the Exporter?
1
2
3
4

Table 3: Appendix Information

“Appendix Information” means the information which must be provided for the selected modules as set out in the Appendix of the Approved EU SCCs (other than the Parties), and which for this Addendum is set out in:

Annex 1A: List of Parties:      
Annex 1B: Description of Transfer:      
Annex II: Technical and organisational measures including technical and organisational measures to ensure the security of the data:      
Annex III: List of Sub processors (Modules 2 and 3 only):      

Table 4: Ending this Addendum when the Approved Addendum Changes

Ending this Addendum when the Approved Addendum changes: Which Parties may end this Addendum as set out in Section 19:

☐ Importer

☐ Exporter

☐ neither Party

Part 2: Mandatory Clauses

Entering into this Addendum

Each Party agrees to be bound by the terms and conditions set out in this Addendum, in exchange for the other Party also agreeing to be bound by this Addendum.

Although Annex 1A and Clause 7 of the Approved EU SCCs require signature by the Parties, for the purpose of making Restricted Transfers, the Parties may enter into this Addendum in any way that makes them legally binding on the Parties and allows data subjects to enforce their rights as set out in this Addendum. Entering into this Addendum will have the same effect as signing the Approved EU SCCs and any part of the Approved EU SCCs.

Interpretation of this Addendum 

Where this Addendum uses terms that are defined in the Approved EU SCCs those terms shall have the same meaning as in the Approved EU SCCs. In addition, the following terms have the following meanings:

Addendum: This International Data Transfer Addendum which is made up of this Addendum incorporating the Addendum EU SCCs.
Addendum EU SCCs: The version(s) of the Approved EU SCCs which this Addendum is appended to, as set out in Table 2, including the Appendix Information.
Appendix Information: As set out in Table 3.
Appropriate Safeguards: The standard of protection over the personal data and of data subjects’ rights, which is required by UK Data Protection Laws when you are making a Restricted Transfer relying on standard data protection clauses under Article 46(2)(d) UK GDPR.
Approved Addendum: The template Addendum issued by the ICO and laid before Parliament in accordance with s119A of the Data Protection Act 2018 on 2 February 2022, as it is revised under Section 18.
Approved EU SCCs: The Standard Contractual Clauses set out in the Annex of Commission Implementing Decision (EU) 2021/914 of 4 June 2021.
ICO: The Information Commissioner.
Restricted Transfer: A transfer which is covered by Chapter V of the UK GDPR.
UK: The United Kingdom of Great Britain and Northern Ireland.
UK Data Protection Laws: All laws relating to data protection, the processing of personal data, privacy and/or electronic communications in force from time to time in the UK, including the UK GDPR and the Data Protection Act 2018.
UK GDPR: As defined in section 3 of the Data Protection Act 2018.

 

This Addendum must always be interpreted in a manner that is consistent with UK Data Protection Laws and so that it fulfils the Parties’ obligation to provide the Appropriate Safeguards. 

If the provisions included in the Addendum EU SCCs amend the Approved SCCs in any way which is not permitted under the Approved EU SCCs or the Approved Addendum, such amendment(s) will not be incorporated in this Addendum and the equivalent provision of the Approved EU SCCs will take their place.

If there is any inconsistency or conflict between UK Data Protection Laws and this Addendum, UK Data Protection Laws applies.

If the meaning of this Addendum is unclear or there is more than one meaning, the meaning which most closely aligns with UK Data Protection Laws applies. 

Any references to legislation (or specific provisions of legislation) means that legislation (or specific provision) as it may change over time. This includes where that legislation (or specific provision) has been consolidated, re-enacted and/or replaced after this Addendum has been entered into. 

Hierarchy 

Although Clause 5 of the Approved EU SCCs sets out that the Approved EU SCCs prevail over all related agreements between the parties, the parties agree that, for Restricted Transfers, the hierarchy in Section 10 will prevail.

Where there is any inconsistency or conflict between the Approved Addendum and the Addendum EU SCCs (as applicable), the Approved Addendum overrides the Addendum EU SCCs, except where (and in so far as) the inconsistent or conflicting terms of the Addendum EU SCCs provides greater protection for data subjects, in which case those terms will override the Approved Addendum.

Where this Addendum incorporates Addendum EU SCCs which have been entered into to protect transfers subject to the General Data Protection Regulation (EU) 2016/679 then the Parties acknowledge that nothing in this Addendum impacts those Addendum EU SCCs.

Incorporation of and changes to the EU SCCs

This Addendum incorporates the Addendum EU SCCs which are amended to the extent necessary so that:

  1. together they operate for data transfers made by the data exporter to the data importer, to the extent that UK Data Protection Laws apply to the data exporter’s processing when making that data transfer, and they provide Appropriate Safeguards for those data transfers; 
  2. Sections 9 to 11 override Clause 5 (Hierarchy) of the Addendum EU SCCs; and
  3. this Addendum (including the Addendum EU SCCs incorporated into it) is (1) governed by the laws of England and Wales and (2) any dispute arising from it is resolved by the courts of England and Wales, in each case unless the laws and/or courts of Scotland or Northern Ireland have been expressly selected by the Parties.

Unless the Parties have agreed alternative amendments which meet the requirements of Section 12, the provisions of Section 15 will apply.

No amendments to the Approved EU SCCs other than to meet the requirements of Section 12 may be made.

The following amendments to the Addendum EU SCCs (for the purpose of Section 12) are made:

  • References to the “Clauses” means this Addendum, incorporating the Addendum EU SCCs;
  • In Clause 2, delete the words:

“and, with respect to data transfers from controllers to processors and/or processors to processors, standard contractual clauses pursuant to Article 28(7) of Regulation (EU) 2016/679”;

  • Clause 6 (Description of the transfer(s)) is replaced with:

“The details of the transfers(s) and in particular the categories of personal data that are transferred and the purpose(s) for which they are transferred) are those specified in Annex I.B where UK Data Protection Laws apply to the data exporter’s processing when making that transfer.”;

  • Clause 8.7(i) of Module 1 is replaced with:

“it is to a country benefitting from adequacy regulations pursuant to Section 17A of the UK GDPR that covers the onward transfer”;

  • Clause 8.8(i) of Modules 2 and 3 is replaced with:

“the onward transfer is to a country benefitting from adequacy regulations pursuant to Section 17A of the UK GDPR that covers the onward transfer;”

  • References to “Regulation (EU) 2016/679”, “Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation)” and “that Regulation” are all replaced by “UK Data Protection Laws”. References to specific Article(s) of “Regulation (EU) 2016/679” are replaced with the equivalent Article or Section of UK Data Protection Laws;
  • References to Regulation (EU) 2018/1725 are removed;
  • References to the “European Union”, “Union”, “EU”, “EU Member State”, “Member State” and “EU or Member State” are all replaced with the “UK”;
  • The reference to “Clause 12(c)(i)” at Clause 10(b)(i) of Module one, is replaced with “Clause 11(c)(i)”;
  • Clause 13(a) and Part C of Annex I are not used;
  • The “competent supervisory authority” and “supervisory authority” are both replaced with the “Information Commissioner”;
  • In Clause 16(e), subsection (i) is replaced with:

“the Secretary of State makes regulations pursuant to Section 17A of the Data Protection Act 2018 that cover the transfer of personal data to which these clauses apply;”;

  • Clause 17 is replaced with:

“These Clauses are governed by the laws of England and Wales.”;

  • Clause 18 is replaced with:

“Any dispute arising from these Clauses shall be resolved by the courts of England and Wales. A data subject may also bring legal proceedings against the data exporter and/or data importer before the courts of any country in the UK. The Parties agree to submit themselves to the jurisdiction of such courts.”; and

  • The footnotes to the Approved EU SCCs do not form part of the Addendum, except for footnotes 8, 9, 10 and 11. 

Amendments to this Addendum 

The Parties may agree to change Clauses 17 and/or 18 of the Addendum EU SCCs to refer to the laws and/or courts of Scotland or Northern Ireland.

If the Parties wish to change the format of the information included in Part 1: Tables of the Approved Addendum, they may do so by agreeing to the change in writing, provided that the change does not reduce the Appropriate Safeguards.

From time to time, the ICO may issue a revised Approved Addendum which: 

  • makes reasonable and proportionate changes to the Approved Addendum, including correcting errors in the Approved Addendum; and/or
  • reflects changes to UK Data Protection Laws;

The revised Approved Addendum will specify the start date from which the changes to the Approved Addendum are effective and whether the Parties need to review this Addendum including the Appendix Information. This Addendum is automatically amended as set out in the revised Approved Addendum from the start date specified. 

If the ICO issues a revised Approved Addendum under Section 18, if any Party selected in Table 4 “Ending the Addendum when the Approved Addendum changes”, will as a direct result of the changes in the Approved Addendum have a substantial, disproportionate and demonstrable increase in:

  1. its direct costs of performing its obligations under the Addendum; and/or 
  2. its risk under the Addendum, 

and in either case it has first taken reasonable steps to reduce those costs or risks so that it is not substantial and disproportionate, then that Party may end this Addendum at the end of a reasonable notice period, by providing written notice for that period to the other Party before the start date of the revised Approved Addendum.

The Parties do not need the consent of any third party to make changes to this Addendum, but any changes must be made in accordance with its terms.

Alternative Part 2 Mandatory Clauses:

Mandatory Clauses Part 2: Mandatory Clauses of the Approved Addendum, being the template Addendum B.1.0 issued by the ICO and laid before Parliament in accordance with s119A of the Data Protection Act 2018 on 2 February 2022, as it is revised under Section 18 of those Mandatory Clauses.