DEXATEK LEGAL

DEXATEK 隱私政策

本隱私聲明描述了樺緯物聯股份有限公司(“ 樺緯物聯” “Dexatek Technology Ltd”” “ΣCasa” “Dexatek” ), 如何通過其手機應用程序和設備本身收集和使用個人信息和其他信息。並描述了有關我們對您的個人信息的使用以及如何訪問和更新此信息的可用選擇。本隱私聲明是對我們網站隱私政策中包含的條款的補充,該條款已併入本產品隱私政策中。

樺緯物聯將遵守包含與本政策不同要求的法律。在某些轄區,樺緯物聯應採用單獨的隱私政策以反映適用的當地法律的要求。

 

位置服務

此應用程序的某些服務使用基於位置的數據。如果您允許這些服務,我們將使用有關Wi-Fi路由器的信息以及離您最近的信號塔的小區ID。我們使用此信息為您提供更好的用戶體驗。

 

收集與使用

我們收集以下個人和設備信息:

-您在設備設置過程中提供的信息,例如名稱,電子郵件地址,每個設備的位置。

-唯一標識符,例如用戶名,帳號和電子郵件地址。

-來自樺緯物聯傳感器的環境數據,例如空氣質量,濕度,當前溫度,環境光,活動或運動。

-設備信息,例如型號和序列號,樺緯物聯的IP地址,設備活動日誌以及歷史和當前設備配置。

-有關您的移動設備的信息,例如您的移動設備類型,操作系統以及您的位置

 

我們使用此信息來:

-提供並改善樺緯物聯各項裝置及平台的功能。

-回應客戶服務要求。

-管理您的帳戶並備份您的數據。

-記錄日誌條目以供您參考並解決設備的故障。

-使用DEXATEK應用程序時向您發送通知。如果您不希望收到這些通知,則可以根據設備類型通過設備或應用程序設置來管理首選項。您也可以通過support@dexatek.com與我們聯繫。

-向您發送營銷信息。

-回答您的問題和疑慮。

 

選擇/取消

您可以按照每封新聞或行銷電子郵件中包含的取消訂閱說明,選擇不接收我們的新聞或行銷電子郵件。或者,您可以通過support@dexatek.com與我們聯繫。

 

第三方獲得的信息

如果您提供有關他人的個人信息,或者如果他人向我們提供您的信息,則我們僅會出於提供給我們的特定原因使用該信息。

 

分享您的信息

我們將僅以本隱私聲明中所述的方式與第三方共享您的信息。

我們也可能向根據保密協議代表樺緯物聯或與樺緯物聯合作的受信任合作夥伴提供個人信息,例如協助我們管理存儲您的個人和設備信息的計算機的公司或組織,分析公司或客戶服務實體。這些第三方被授權僅在向我們提供這些服務所需時使用您的個人信息。

 

我們可能會披露您的個人和/或設備信息:

-根據法律要求,例如遵守傳票,法院命令或類似的法律程序。

-當我們真誠地認為有必要進行披露以保護我們的權利,您的安全或他人的安全時;調查欺詐行為;或回應政府的要求。

-出於戰略或其他業務原因,當樺緯物聯決定出售,購買,合併或以其他方式重組其業務時。如果您對個人信息的所有權或使用方式發生任何更改,以及對個人信息的任何選擇,我們都會通過電子郵件和/或網站上的醒目通知通知您。

-事先徵得您同意的任何其他第三方。

我們可以通過多種方式共享您的匯總和匿名信息,包括發布有關能源使用或家庭安全的趨勢,以及總體上改善我們的產品。

 

追踪與廣告

我們可能會使用Cookie或腳本之類的技術來收集有關您和其他人在應用程序中的交互方式的信息。例如,我們將知道有多少家庭成員在您所在的位置訪問您的設備或訪問該應用程序中的功能。我們使用這些匯總信息來了解和優化應用程序的使用方式,並提供您感興趣的內容和功能。

 

安全

您的個人信息的安全對我們很重要。因此,設備與家庭Wi-Fi網絡上的應用之間的傳輸是加密的;當設備和應用與我們的服務器通信時,傳輸也會被加密。

我們遵循公認的行業標準,以保護在傳輸過程中和接收時傳輸給我們的信息。但是,沒有傳輸或電子存儲設備是100%安全的。因此,我們不能保證其絕對安全。

如果您對應用程序或設備的安全性有任何疑問,可以通過support@dexatek.com與我們聯繫。

 

處理和存儲用戶信息

我們的業務運營和處理從應用程序和設備收集的數據的計算機服務器可能位於多個國家/地區。因此,請注意,在使用DEXATEK服務時,您可能會將您的個人信息以及該應用程序和設備捕獲的所有信息轉移到其他國家或地區的服務器上進行存儲和處理。同樣,我們可能會將您的數據從您使用服務的國家/地區轉移到與數據的存儲和處理,滿足您的要求以及操作DEXATEK系統有關的其他國家或地區。通過應用程序或設備提供任何信息(包括個人信息),即表示您同意代表您本人和家裡的人進行此類傳輸,存儲和處理。

 

其他資訊

糾正和更新您的個人信息

要查看和更新​​您的個人信息,您可以通過該應用查看和編輯您的信息。

只要您的帳戶處於活動狀態或根據需要向您提供服務,我們就會保留您的信息。如果您想取消帳戶或要求我們不再使用您的信息為您提供服務,則可以從移動應用程序中刪除您的帳戶。但是,我們可能會保留並使用您的信息,以遵守我們的法律義務,解決爭端並執行我們的協議。

 

隱私聲明變更通知

我們可能會更新此隱私聲明,以反映對我們的信息慣例或應用程序或設備功能的更改。如果我們進行任何重大更改,我們將在更改生效之前通過電子郵件(發送到您帳戶中指定的電子郵件地址),通過推送通知或應用程序中的通知來通知您。我們鼓勵您定期查看此聲明,以獲取有關我們的隱私慣例的最新信息。

 

聯繫我們

 

我們很樂意解決您對我們的隱私慣例和政策的任何疑慮。如果您對此隱私聲明有任何疑問或疑慮,可以通過以下方式與我們聯繫:support@dexatek.com或通過郵件發送至:

 

樺緯物聯股份有限公司

台灣新北市汐止區新台五路一段81號16樓-1

 

 

上次更新時間:2018年4月23日

 
 

DEXATEK 服務的條款和條件

這些條款和條件是您與樺緯物聯之間的法律合同。樺緯物聯提供(1)位於WWW.SIGMACASA.COM上的網站以及DEXATEK的相關站點,每種情況下都與樺緯物聯的智能家居產品(統稱為“站點”)結合使用,以及(2)通過該站點可訪問的服務可以下載到移動設備上的站點(“ Web應用程序”)和軟件(“移動應用程序”),所有這些都可與DEXATEK的智能家居產品結合使用。站點,Web應用程序和移動應用程序統稱為“服務”。這些條款和條件(合併了我們的DEXATEK隱私政策)(以下稱“條款”)適用於您對服務的使用。

 

單擊“我接受”或使用服務,即表示您同意所有條款;如果您不同意這些條款中的任何一項,請不要單擊“我接受”,也不要訪問或以其他方式使用任何服務。

 

注意:這些條款包含爭議解決條款,這些條款會影響您根據這些條款享有的權利,並且對於您可能會與樺緯物聯發生爭議。

 

 

總覽

 

樺緯物聯提供的智能家居產品可由許多Android和iOS智能手機通過移動應用程序或個人計算機通過Web瀏覽器進行控制。該設備包含門傳感器,燈泡,電源插頭和環境傳感器,如果配置正確,它們可以跟踪溫度,空氣質量,濕度或控制燈泡,電源插頭或檢測門或窗戶的移動。當樺緯物聯偵測到其軟件定義的異常時,會發出警報,例如突然的溫度峰值可能表示火災或入侵者的發現。隨著時間的流逝,樺緯物聯平台學會並了解用戶活動模式,使其能夠發送更智能的通知。樺緯物聯的智能家居產品可與手機應用程序(在較小程度上)與Web應用程序結合使用。

 

這些條款約束您對服務的使用。樺緯物聯可能提供的某些其他付費服務(例如樺緯物聯付費云數據存儲)可能有其他條款或不同條款。同樣,樺緯物聯的有限保修,隱私權政策也可能管轄您的權利,並且是產品和適用軟件的基本使用條款,並已納入這些條款中。

 

 

有條件許可證

 

通過使用服務,您表示,確認,確認並同意您至少20歲,或者(如果您未滿20歲但至少7歲(“未成年人”),則表示您是在您的父母或法定監護人的同意下使用服務,並且您已獲得父母或法定監護人的許可使用服務並同意其條款。如果您是未成年人的父母或法定監護人,則您在此同意將未成年人遵守這些條款,並在未成年人違反其中任何條款的情況下,對樺緯物聯給予完全賠償並使其免受損害。如果您未滿7歲,則您不得隨時或以任何方式使用服務,也不得向樺緯物聯或服務提交任何信息。

 

樺緯物聯通過服務提供內容,這些內容是樺緯物聯網或樺緯物聯的第三方許可方和供應商或其他樺緯物聯設備,移動應用程序或站點用戶(統稱為“材料”)的版權和/或商標作品。材料可以包括徽標,圖形,視頻,圖像,文本,軟件和其他內容。

 

在遵守這些條款的條款和條件以及您對這些條款的遵守的前提下,樺緯物聯特此授予您有限的,個人的,非排他的和不可轉讓的許可,以僅為您的使用和展示材料以及使用服務僅可與樺緯物聯的智能家居產品結合使用。除上述許可外,您對服務或任何材料均無其他權利,並且不得修改,編輯,複製,複製,創建衍生作品,進行反向工程,更改,增強或以任何方式利用任何服務或任何形式的材料。

 

如果您違反這些條款中的任何條款,則上述許可將自動終止,您必須立即卸載或銷毀所有下載或打印的材料,並停止進一步使用服務。

 

 

變化

 

樺緯物聯可以隨時更改,暫停或終止所提供的服務,恕不另行通知。對於服務或其任何部分的任何修改,暫停或中斷,樺緯物聯對您或任何第三方概不負責。通過在樺緯物聯網站上發布更新的條款並在網站上提供通知,樺緯物聯可以隨時更改,更新,添加或刪除這些條款的規定。在樺緯物聯更新條款後使用服務,即表示您同意所有更新的條款;如果您不同意任何更新的條款,則必須停止使用服務。

 

 

暫時停權

 

出於安全原因,系統故障,維護和維修或其他情況,樺緯物聯可能會暫時暫停服務,恕不另行通知。由於任何暫停,您無權獲得任何退款或退款。樺緯物聯不為服務提供任何特定的正常運行時間保證。

 

 

手機應用

 

樺緯物聯使移動應用程序可用於通過移動設備訪問服務。要使用移動應用程序,您必須擁有與該移動應用程序兼容的移動設備。樺緯物聯不保證移動應用程序將與您的移動設備兼容。樺緯物聯不保證並明確否認移動應用程序與您可以在移動設備上下載和/或操作的其他應用程序的兼容性。其他應用程序可能會以不可預測的方式與移動應用程序進行交互,並且樺緯物聯不保證由此類交互導致的故障。上述許可授權不是出售移動應用程序或其任何副本,樺緯物聯及其第三方許可人或供應商保留所有權利,所有權,以及對移動應用程序(以及移動應用程序的任何副本)的興趣。使用移動應用程序可能需要支付標準的運營商數據費用。

 

以下附加條款和條件適用於樺緯物聯提供給您的,設計用於在Apple iOS驅動的移動設備(“ iOS應用程序”)上使用的任何移動應用程序:

 

-   如果您已從Apple Inc.的App Store下載了移動應用程序。您承認這些條款僅在您和樺緯物聯之間,而不在Apple,Inc.(以下簡稱“ Apple”)之間。

-   您對樺緯物聯的iOS App的使用必須符合Apple當時最新的App Store服務條款。

-   樺緯物聯是iOS應用程序和服務提供了其全權負責。您承認並同意Apple不負責就我們的iOS應用提供任何維護和支持服務。在適用法律允許的最大範圍內,Apple對樺緯物聯網的iOS應用程序不承擔任何保證義務。

-   您同意樺緯物聯負責解決您或任何第三方與我們的iOS App或您擁有和/或使用我們的iOS App有關的任何索賠,包括但不限於:(i)產品責任索賠;(ii)侵權索賠;(iii)任何有關iOS應用不符合任何適用法律或法規要求的主張;(iv)根據消費者保護或類似法規提出的索賠,並且所有此類索賠僅受這些條款以及適用於我們作為iOS應用提供商的任何法律的管轄。

-   您同意在使用我們的iOS應用程序時遵守所有適用的第三方協議條款(例如,在使用iOS應用程序時不得違反手機或互聯網服務協議條款)。

-   雙方同意Apple和Apple的子公司是這些條款的第三方受益人,因為它們與您的樺緯物聯網的iOS App許可有關。一旦您接受這些條款,Apple將有權(並且將被視為已接受權利)對您執行這些條款,因為這些條款與您作為iOS第三方受益人的iOS App許可有關。

以下附加條款和條件適用於樺緯物聯提供給您的任何設計用於Android驅動的移動設備(“ Android應用”)的移動應用:

-    如果您已從Google Inc.運營的Google Play下載了移動應用程序,則表明您承認這些條款僅在您和樺緯物聯網之間,而非與Google,Inc.(“ Google”)之間。

-    您對樺緯物聯的Android應用程序的使用必須符合Google當時最新的Google Play服務條款。

-    谷歌只是一個地方,你所獲得的Android應用程序的谷歌遊戲的提供商。樺緯物聯(而非Google)僅對樺緯物聯的Android應用及其上提供的服務和內容負責。對於樺緯物聯 Android應用程序或這些條款,Google對您不承擔任何責任。

-    您承認並同意Google是與本條款相關的第三方受益人,因為它們與樺緯物聯 Android應用有關。

Apple,Apple徽標和iPhone是Apple Inc.在美國和其他國家/地區的註冊商標。App Store是Apple,Inc.的服務商標。Android,Google和Google Play是Google,Inc.的商標。

 

 

註冊

 

要向樺緯物聯註冊,您必須按照移動應用程序或網站上的提示通過註冊頁面提交您的信息,包括您的姓名,電子郵件地址。作為註冊過程的一部分,樺緯物聯將要求您創建一個密碼,該密碼將允許您登錄到服務(“密碼”)。

 

您有責任維護密碼的機密性,並對帳戶中發生的所有活動負責。您同意不共享您的密碼,不允許其他人訪問或使用您的密碼,或做任何其他可能危害您密碼安全性的事情,包括使用您已經與第三方服務一起使用的密碼。您同意在您的任何密碼丟失,被盜,知道您的密碼被未經授權使用或知道與服務有關的任何其他安全漏洞時通知樺緯物聯。

 

您在註冊帳戶時以及通過本網站以其他方式提供的所有信息必須是準確,完整和最新的。您可以通過直接登錄帳戶並進行所需的更改來更改,更正或刪除帳戶中的任何信息。

 

 

連接性和其他要求

 

為了使樺緯物聯產品與服務一起使用,您必須具有可用的寬帶Internet連接和Wi-Fi路由器(802.11 b / g / n),電源插座(用於插入樺緯物聯設備),受支持的移動設備。 (以使用移動應用程序)以及樺緯物聯指定的其他硬件,軟件,設備或物品。對於每個樺緯物聯設備,我們建議使用至少0.75 Mbps的上傳帶​​寬的高速Internet連接。樺緯物聯保留隨時更改任何最低系統要求的權利。

 

您有責任讓您的軟件,硬件和其他系統元素滿足我們服務的系統要求,並確保它們兼容並正確配置。您確認(a)如果不滿足要求和兼容性,樺緯物聯將無法正確提供服務,並且(b)當產品的Internet連接或電源斷開,無法正常運行,被切斷,或乾擾,或產品損壞或破壞。

 

 

安全

 

樺緯物聯關心其用戶個人信息的完整性和安全性。在安全方面,樺緯物聯利用行業最佳實踐和標準。儘管採取了這些步驟,樺緯物聯仍無法保證或保證未經授權的第三方將永遠無法擊敗樺緯物聯的安全措施或將您的個人信息用於不正當目的。您承認自己提供個人信息的風險自負。

 

請您了解樺緯物聯不是安全顧問,並且不能滿足您的所有潛在安全需求。

 

 

不支持的國家或地區

 

儘管可以在全球範圍內使用服務,但並非所有人或所有國家或地區都可以使用樺緯物聯的產品和服務。如果您從不受支持的國家或地區訪問或使用服務,則是您自己主動進行的,並且您有責任遵守適用的當地法律。在法律允許的範圍內,對於因您在不受支持的國家或地區訪問或使用服務而造成的任何損害或損失,樺緯物聯不承擔任何責任。

 

 

樺緯物聯服務的性質和局限性

 

服務旨在為您提供信息,以決定是否要對事件或通知採取行動。儘管樺緯物聯希望服務具有高度的可靠性和可用性,但它們也不會沒有中斷,包括但不限於由於Wi-Fi信號不暢或信號弱,互聯網連接中斷,斷電,電信服務提供商故障等原因,以及移動運營商問題。樺緯物聯對超出其合理控制範圍的原因或第三方的任何作為,錯誤或遺漏,或任何人(包括您)採取的任何行為,錯誤或遺漏不承擔任何責任,損失或損害。對通過服務提供的信息的回應。

 

樺緯物聯保留對可能通過服務存儲的產品數據量及其存儲時間建立條款和限制的權利。

 

 

沒有生命安全或服務的關鍵用途

 

樺緯物聯的產品和服務未經緊急響應認證。請您了解樺緯物聯的產品和服務不是第三方監控的緊急通知系統,並且樺緯物聯不會監視緊急通知,也不會在緊急情況下向您的房屋分配緊急狀態。所有危及生命的事件和緊急事件都應定向到適當的響應服務。

 

 

家居資訊

 

服務為您提供由樺緯物聯設備捕獲的有關您的房屋的信息(“房屋信息”)。所有“家庭信息”均按“原樣”和“可用”提供。我們不能保證它是正確的或最新的。在至關重要的情況下,通過服務訪問家庭信息並不能代替個人評估家庭中的信息。

 

 

煙霧和一氧化碳檢測與空氣質量

 

即使您的產品具有空氣質量,溫度和濕度環境感應功能,您也同意(a)樺緯物聯設備的數量和產品的放置可能無法滿足適用於您的法規,法律或標準中的所有要求或建議。管轄權。(b)您全權負責遵守所有適用的法規,法律和標準,包括與煙霧和一氧化碳探測器的安裝,放置和維護有關的法規,法律和標準;(c)樺緯物聯產品的任何煙霧,一氧化碳或其他空氣質量或環境檢測功能是補充性的,並不打算作為主要火災警報,一氧化碳檢測或其他系統的一部分。您的樺緯物聯設備不是煙霧或一氧化碳探測器的替代品。

 

 

樺緯物聯設備傳輸

 

如果您將樺緯物聯設備轉讓給新所有者,則對該設備使用服務的權利將自動終止,新所有者將無權使用您帳戶下的樺緯物聯產品或服務,並且需要註冊使用樺緯物聯的單獨帳戶。

 

 

樺緯物聯的電子通訊

 

使用服務,即表示您同意接受樺緯物聯的電子通訊。這些電子通訊可能包括有關適用費用和收費的通知,交易信息,以及與樺緯物聯及其廣告商和商業夥伴的服務和產品有關或相關的其他信息。這些電子通訊是您與樺緯物聯關係的一部分。您同意,我們以電子方式發送給您的任何通知,協議,披露或其他通訊將滿足任何法律通訊要求,包括以書面形式進行的通訊。

 

 

隱私政策

 

樺緯物聯維護適用於根據這些條款向您提供的樺緯物聯產品和服務的隱私政策(“隱私政策”)。請查看下面的隱私政策或訪問我們的網站:www.sigmacasa.com,以了解我們如何使用您提交給DEXATEK或我們以其他方式收集的信息。

 

 

專有權

 

樺緯物聯股份有限公司是商標DEXATEK和DEXATEK徽標的專有權利所有者。服務上或通過服務可獲得的其他商標,名稱和徽標均為其各自所有者的財產。

 

除非這些條款另有規定,否則任何服務上或通過任何服務可獲得或出現的所有技術和知識產權,包括移動應用程序,信息,軟件,文檔,服務,內容,網站設計,文本,圖形,徽標,圖像和圖標及其排列是樺緯物聯或其許可方的專有財產。樺緯物聯保留此處未明確授予您的所有權利。

 

 

用戶禁止的活動

 

沒有隱含的權利。除適用法律另有要求或限制外,未經版權所有者或許可證的明確書面同意,嚴禁複製,分發,修改,重新傳輸或出版任何受版權保護的材料。

 

您不得也不得授權任何第三方進行或試圖:(i)修改,翻譯,創建用於出租或出租的軟件的衍生作品,出租,租賃,借貸,分發或再許可,其全部或全部用於提供或服務。部分; (ii)複製或以其他方式複制用於提供服務的軟件,除非本文明確規定;(iii)反編譯,反彙編或以其他方式嘗試進行反向工程,用於全部或部分提供服務的軟件,但在一定程度上,根據適用法律,對反向工程的完全禁止是無效的,並且這種無效不由於本條款受台灣法律管轄而固化,因此客戶僅有權在適用法律要求的最小範圍內這樣做,以允許該軟件與客戶的其他軟件進行互操作;(iv)繞過或刪除任何防止未經授權複製或使用服務的複制保護方法;(v)刪除,遮掩或更改可能包含在服務中或與服務有關的專有權利聲明(包括版權,專利和商標聲明);(vi)刪除,規避,禁用,損壞或以其他方式乾擾服務的與安全相關的功能,阻止或限制使用或複制可通過服務訪問的任何內容的功能,或對服務的使用施加限制的功能;(vii)嘗試訪問,監視或使用其他樺緯物聯客戶的智能家居產品;(viii)訪問服務以構建相似或具有競爭力的產品或服務;或(ix)干擾,破壞,

 

 

軟體更新

 

請您了解樺緯物聯可能會不時發布服務的軟件的新發行版或版本,包括更新和升級。樺緯物聯可能會向您的設備提供這些新發行版本。您同意樺緯物聯可以自動在您的移動設備和樺緯物聯產品上下載並以電子方式安裝軟件。您在此同意在您的移動設備或樺緯物聯產品上進行這種無線和自動下載和​​安裝,並同意這些條款將適用於發行軟件的所有後續版本。您確認軟件更新對於設備的持續最佳功能可能至關重要,並且無法實施軟件更新可能會導致設備功能故障。

 

 

免責保險責任;放棄代位

 

您同意樺緯物聯不是保險公司,並且樺緯物聯不為您提供任何類型的保險。您支付的金額不是保險費,並且與您的財產,位於您的場所的任何其他財產的價值或您的場所的任何損失風險無關。相反,樺緯物聯收取的費用僅基於樺緯物聯提供的設備和服務的價值以及樺緯物聯在這些條款下承擔的有限責任。如果您想購買保險以防在自己的場所遭受損失,則必須購買保險。如果發生任何損失,損壞或傷害,您將只向保險公司求助,而不是樺緯物聯來賠償您或任何其他人。

 

 

免責聲明;賠款

 

服務是按“原樣”提供的,並且樺緯物聯對本服務不提供任何形式的保證,因此樺緯物聯對此不作任何明示,暗示,法定或其他形式的擔保,包括但不限於適銷性,令人滿意的質量,對特定用途的適用性,標題,無侵權,準確性或可能因交易,使用或交易慣例而引起的任何其他保證或擔保的暗示保證。樺緯物聯不對(I)使用或不能使用服務或(II)以正確,準確或可靠的條款進行任何此類使用的結果提供任何保證,擔保或其他承諾。客戶理解並同意,它將承擔有關服務結果和性能的全部風險。某些司法管轄區不允許排除某些擔保和/或放棄某些擔保。在此範圍內,客戶對服務的使用受此類司法管轄區的法律管轄,並且台灣法律無法通過本協議的強制性來強制執行此類排除和/或豁免,因此,必須嚴格遵守上述規定。根據此類司法管轄區的適用法律允許。

 

樺緯物聯的設備和服務不會導致也不能消除他們打算檢測或避免的事件的發生,包括但不限於火災,洪水,盜竊,搶劫和醫療問題。樺緯物聯不保證或擔保樺緯物聯產品或服務將檢測或避免此類事件或其後果。樺緯物聯不承擔您或您的財產或他人的財產可能遭受傷害,損害或發生此類事件的損失風險。風險分配由您自己決定,而不由樺緯物聯負責。您釋放,放棄,解除並保證不會對樺緯物聯提起任何形式的與產品或服務有關的損失,損壞或傷害的訴訟或提出任何類型的索賠。

 

樺緯物聯及其許可方和供應商不保證缺陷會得到糾正或服務(i)可以滿足您的需求或要求;(ii)與您的家庭網絡,計算機或移動設備兼容;(iii)將不間斷,及時,安全或無錯誤地提供;(iv)將是準確或可靠的;或(v)將在任何給定時間或全部發出通知。您從樺緯物聯或通過服務獲得的任何口頭或書面建議或信息均不構成任何保證。

 

您同意不會出於任何生命安全或關鍵目的而依賴該服務。僅出於提供信息的目的提供有關樺緯物聯產品狀態和警報的移動通知。

 

 

責任限制

 

在任何情況下,不論採取何種形式的行為,樺緯物聯均不對任何形式的使用損失,業務中斷,利潤損失或數據丟失或間接,特殊,懲罰性,偶發性或繼發性損害負責,侵權(包括過失),嚴格責任或其他方式,即使已告知樺緯物聯可能發生此類損害。

 

與本協議相關的所有訴訟原因和所有責任理論對您造成的累計賠償總額將僅限於且將不超過您購買的服務的購買價格。某些司法管轄區不允許對某些種類的損害進行限制,排除和/或放棄。在一定程度上,客戶對本服務的使用受此類管轄權和此類限制的法律約束,因此,台灣法律,管轄範圍內的限制和/或上述限制均無法通過本協議的合法性來排除和/或免除損害賠償。應僅在此類司法管轄區的適用法律允許的最大範圍內執行。

 

 

當地法律

 

樺緯物聯在其台灣總部控制和運營服務,並且“材料”可能不適合或無法在其他位置使用。如果您在台灣地區以外使用服務,則有責任遵守使用服務時適用的當地法律。

 

 

可分割性

 

如果發現本條款中的任何條款是非法的或不可執行的,則該條款將從本條款中分離出來,並且本條款的其餘部分將具有完全的效力。

 

 

延續性

 

儘管本協議中有任何相反的規定,我們同意,如果樺緯物聯對本規定進行了任何更改(對“通知地址”的更改除外),則您可以拒絕任何此類更改並要求樺緯物聯遵守本規定中的語言,如果我們之間發生爭執。

 

 

條款和終止

 

這些條款在您繼續訪問和使用服務時繼續有效。如果樺緯物聯真誠地認為您違反了這些條款,則樺緯物聯隨時可以(i)暫停或終止您訪問或使用服務的權利,或(ii)終止與您有關的這些條款。如果我們認為您不遵守這些條款,則樺緯物聯會建議您,並建議採取任何必要的糾正措施。但是,樺緯物聯判定某些違反這些條款的行為可能會導致您立即終止對服務的訪問並終止本協議,而無需事先通知您。本協議終止後,您使用服務的權利將自動終止。專有權,免責聲明,您所作的陳述,賠償,

 

 

糾紛解決

 

對於因履行或違反本條款引起的所有爭議,您必須首先給樺緯物聯一個解決爭議的機會。您必須通過將您的爭議的書面通知郵寄給樺緯物聯來開始此過程。該書面通知必須包括(1)您的姓名,(2)您的地址,(3)您的索賠的書面說明以及(4)您尋求的特定救濟的說明。如果樺緯物聯在收到您的書面通知後90天內仍未解決爭議,則您可​​以按照以下規定在法院提起爭議。

 

 

治理法律和管轄區

 

服務條款應受台灣法律管轄並根據台灣法律解釋。與這些條款或服務有關的任何爭議將首先在台灣台北地方法院審理,並且您同意該法院的個人管轄權。

 

 

其他

 

樺緯物聯不執行這些條款中的任何條款並不表示不放棄這些條款。這些條款是您與樺緯物聯之間就此主題所達成的全部協議,並取代您與樺緯物聯之間就該主題所進行的所有先前或同期的談判,討論或協議。

 

 

聯繫我們

 

如果您對這些條款有任何疑問,可以通過support@dexatek.com與我們聯繫。

 

上次更新時間:2015年7月2日

DEXATEK 數據處理協議

Last Modified: April 27, 2018

 

This DEXATEK Data Processing Agreement (“DPA”), that includes the Standard Contractual Clauses adopted by the European Commission, as applicable, reflects the parties’ agreement with respect to the terms governing the Processing of Personal Data under the DEXATEK Customer Terms of Service (the “Agreement”). This DPA is an amendment to the Agreement and is effective upon its incorporation into the Agreement, which incorporation may be specified in the Agreement, an Order or an executed amendment to the Agreement. Upon its incorporation into the Agreement, the DPA will form a part of the Agreement.

 

The term of this DPA shall follow the term of the Agreement. Terms not otherwise defined herein shall have the meaning as set forth in the Agreement.

 

THIS DPA INCLUDES:

 

(i) Standard Contractual Clauses, attached hereto as EXHIBIT 1.

 

(a) Appendix 1 to the Standard Contractual Clauses, which includes specifics on the Personal Data transferred by the data exporter to the data importer.

 

(b) Appendix 2 to the Standard Contractual Clauses, which includes a description of the technical and organizational security measures implemented by the data importer as referenced.

 

(ii) List of Sub-Processors, attached hereto as EXHIBIT 2.

 

 

 

1. Definitions

“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data.

 

“Data Protection Law” means all applicable legislation relating to data protection and privacy including without limitation the EU Data Protection Directive 95/46/EC and all local laws and regulations which amend or replace any of them, including the GDPR, together with any national implementing laws in any Member State of the European Union or, to the extent applicable, in any other country, as amended, repealed, consolidated or replaced from time to time. The terms “process”, “processes” and “processed” will be construed accordingly.

 

“Data Subject” means the individual to whom Personal Data relates.

 

“GDPR” means the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.

 

“Instruction” means the written, documented instruction, issued by Controller to Processor, and directing the same to perform a specific action with regard to Personal Data (including, but not limited to, depersonalizing, blocking, deletion, making available).

 

“Personal Data” means any information relating to an identified or identifiable individual where such information is contained within Customer Data and is protected similarly as personal data or personally identifiable information under applicable Data Protection Law

 

“Personal Data Breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted, stored or otherwise processed.

 

“Processing” means any operation or set of operations which is performed on Personal Data, encompassing the collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction or erasure of Personal Data.

 

“Processor” means a natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Controller.

 

“Standard Contractual Clauses” means the clauses attached hereto as Exhibit 1 pursuant to the European Commission’s decision (C(2010)593) of 5 February 2010 on Standard Contractual Clauses for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection.

 

 

 

2. Details of the Processing

a. Categories of Data Subjects.

 Controller’s Contacts and other end users including Controller’s employees, contractors, collaborators, customers, prospects, suppliers and subcontractors. Data Subjects also include individuals attempting to communicate with or transfer Personal Data to the Controller’s end users.

 

b. Types of Personal Data.

 Contact Information, the extent of which is determined and controlled by the Customer in its sole discretion, and other Personal Data such as navigational data (including website usage information), email data, system usage data, application integration data, and other electronic data submitted, stored, sent, or received by end users via the Subscription Service.

 

c. Subject-Matter and Nature of the Processing.

 The subject-matter of Processing of Personal Data by Processor is the provision of the services to the Controller that involves the Processing of Personal Data. Personal Data will be subject to those Processing activities as may be specified in the Agreement and an Order.

 

d. Purpose of the Processing.

 Personal Data will be Processed for purposes of providing the services set out and otherwise agreed to in the Agreement and any applicable Order.

 

e. Duration of the Processing.

 Personal Data will be Processed for the duration of the Agreement, subject to Section 4 of this DPA.

 

3. Customer Responsibility

Within the scope of the Agreement and in its use of the services, Controller shall be solely responsible for complying with the statutory requirements relating to data protection and privacy, in particular regarding the disclosure and transfer of Personal Data to the Processor and the Processing of Personal Data. For the avoidance of doubt, Controller’s instructions for the Processing of Personal Data shall comply with the Data Protection Law. This DPA is Customer’s complete and final instruction to DEXATEK in relation to Personal Data and that additional instructions outside the scope of DPA would require prior written agreement between the parties. Instructions shall initially be specified in the Agreement and may, from time to time thereafter, be amended, amplified or replaced by Controller in separate written instructions (as individual instructions).

 

Controller shall inform Processor without undue delay and comprehensively about any errors or irregularities related to statutory provisions on the Processing of Personal Data.

 

 

 

4. Obligations of Processor

a. Compliance with Instructions.

The parties acknowledge and agree that Customer is the Controller of Personal Data and DEXATEK is the Processor of that data. Processor shall collect, process and use Personal Data only within the scope of Controller’s Instructions. If the Processor believes that an Instruction of the Controller infringes the Data Protection Law, it shall immediately inform the Controller without delay. If Processor cannot process Personal Data in accordance with the Instructions due to a legal requirement under any applicable European Union or Member State law, Processor will (i) promptly notify the Controller of that legal requirement before the relevant Processing to the extent permitted by the Data Protection Law; and (ii) cease all Processing (other than merely storing and maintaining the security of the affected Personal Data) until such time as the Controller issues new instructions with which Processor is able to comply. If this provision is invoked, Processor will not be liable to the Controller under the Agreement for any failure to perform the applicable services until such time as the Controller issues new instructions in regard to the Processing.

b. Security.

Processor shall take the appropriate technical and organizational measures to adequately protect Personal Data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Personal Data, described under Appendix 2 to the Standard Contractual Clauses. Such measures include, but are not be limited to:

 

i. the prevention of unauthorized persons from gaining access to Personal Data Processing systems (physical access control),

 

ii. the prevention of Personal Data Processing systems from being used without authorization (logical access control),

 

iii. ensuring that persons entitled to use a Personal Data Processing system gain access only to such Personal Data as they are entitled to accessing in accordance with their access rights, and that, in the course of Processing or use and after storage, Personal Data cannot be read, copied, modified or deleted without authorization (data access control),

 

iv. ensuring that Personal Data cannot be read, copied, modified or deleted without authorization during electronic transmission, transport or storage on storage media, and that the target entities for any transfer of Personal Data by means of data transmission facilities can be established and verified (data transfer control),

 

v. ensuring the establishment of an audit trail to document whether and by whom Personal Data have been entered into, modified in, or removed from Personal Data Processing systems (entry control),

 

vi. ensuring that Personal Data is Processed solely in accordance with the Instructions (control of instructions),

 

vii. ensuring that Personal Data is protected against accidental destruction or loss (availability control).

 

Upon Controller’s request, Processor shall provide a current Personal Data protection and security programme relating to the Processing hereunder.

 

Processor will facilitate Controller’s compliance with the Controller’s obligation to implement security measures with respect to Personal Data (including if applicable Controller’s obligations pursuant to Articles 32 to 34 (inclusive) of the GDPR), by (i) implementing and maintaining the security measures described under Appendix 2, (ii) complying with the terms of Section 4.4 (Personal Data Breaches); and (iii) providing the Controller with information in relation to the Processing in accordance with Section 5 (Audits).

 

c. Confidentiality.

Processor shall ensure that any personnel whom Processor authorizes to process Personal Data on its behalf is subject to confidentiality obligations with respect to that Personal Data. The undertaking to confidentiality shall continue after the termination of the above-entitled activities.

 

d. Personal Data Breaches.

Processor will notify the Controller as soon as practicable after it becomes aware of any of any Personal Data Breach affecting any Personal Data. At the Controller’s request, Processor will promptly provide the Controller with all reasonable assistance necessary to enable the Controller to notify relevant Personal Data Breaches to competent authorities and/or affected Data Subjects, if Controller is required to do so under the Data Protection Law.

 

e. Data Subject Requests.

Processor will provide reasonable assistance, including by appropriate technical and organizational measures and taking into account the nature of the Processing, to enable Controller to respond to any request from Data Subjects seeking to exercise their rights under the Data Protection Law with respect to Personal Data (including access, rectification, restriction, deletion or portability of Personal Data, as applicable), to the extent permitted by the law.  If such request is made directly to Processor, Processor will promptly inform Controller and will advise Data Subjects to submit their request to the Controller. Controller shall be solely responsible for responding to any Data Subjects’ requests. Controller shall reimburse Processor for the costs arising from this assistance.

 

f. Sub-Processors.

Processor shall be entitled to engage sub-Processors to fulfil Processor’s obligations defined in the Agreement only with Controller’s written consent.  For these purposes, Controller consents to the engagement as sub-Processors of Processor’s affiliated companies and the third parties listed in Exhibit 2. For the avoidance of doubt, the above authorization constitutes Controller’s prior written consent to the sub-Processing by Processor for purposes of Clause 11 of the Standard Contractual Clauses.

 

If the Processor intends to instruct sub-Processors other than the companies listed in Exhibit 2, the Processor will notify the Controller thereof in writing (email to the email address(es) on record in Processor’s account information for Controller is sufficient) and will give the Controller the opportunity to object to the engagement of the new sub-Processors within 30 days after being notified. The objection must be based on reasonable grounds (e.g. if the Controller proves that significant risks for the protection of its Personal Data exist at the sub-Processor). If the Processor and Controller are unable to resolve such objection, either party may terminate the Agreement by providing written notice to the other party. Controller shall receive a refund of any prepaid but unused fees for the period following the effective date of termination.

 

Where Processor engages sub-Processors, Processor will enter into a contract with the sub-Processor that imposes on the sub-Processor the same obligations that apply to Processor under this DPA. Where the sub-Processor fails to fulfil its data protection obligations, Processor will remain liable to the Controller for the performance of such sub-Processors obligations.

 

Where a sub-Processor is engaged, the Controller must be granted the right to monitor and inspect the sub-Processor’s activities in accordance with this DPA and the Data Protection Law, including to obtain information from the Processor, upon written request, on the substance of the contract and the implementation of the data protection obligations under the sub-Processing contract, where necessary by inspecting the relevant contract documents.

 

The provisions of this Section 4.6 shall mutually apply if the Processor engages a sub-Processor in a country outside the European Economic Area (“EEA”) not recognized by the European Commission as providing an adequate level of protection for personal data.  If, in the performance of this DPA, DEXATEK transfers any Personal Data to a sub-processor located outside of the EEA, DEXATEK shall, in advance of any such transfer, ensure that a legal mechanism to achieve adequacy in respect of that processing is in place.

 

g. Deletion or Retrieval of Personal Data.

Other than to the extent required to comply with Data Protection Law, following termination or expiry of the Agreement, Processor will delete all Personal Data (including copies thereof) processed pursuant to this DPA. If Processor is unable to delete Personal Data for technical or other reasons, Processor will apply measures to ensure that Personal Data is blocked from any further Processing.

 

Controller shall, upon termination or expiration of the Agreement and by way of issuing an Instruction, stipulate, within a period of time set by Processor, the reasonable measures to return data or to delete stored data. Any additional cost arising in connection with the return or deletion of Personal Data after the termination or expiration of the Agreement shall be borne by Controller.

 

 

 

5. Audits

Controller may, prior to the commencement of Processing, and at regular intervals thereafter, audit the technical and organizational measures taken by Processor.

 

For such purpose, Controller may, e.g.,

 

    obtain information from the Processor,

    request Processor to submit to Controller an existing attestation or certificate by an independent professional expert, or

    upon reasonable and timely advance agreement, during regular business hours and without interrupting Processor’s business operations, conduct an on-site inspection of Processor’s business operations or have the same conducted by a qualified third party which shall not be a competitor of Processor.

 

Processor shall, upon Controller’s written request and within a reasonable period of time, provide Controller with all information necessary for such audit, to the extent that such information is within Processor’s control and Processor is not precluded from disclosing it by applicable law, a duty of confidentiality, or any other obligation owed to a third party.

 

 

 

6. General Provisions

 

With respect to updates and changes to this DPA, the terms that apply in the “Amendment; No Waiver” section of “Miscellaneous” in the Agreement shall apply.

 

In case of any conflict, this DPA shall take precedence over the regulations of the Agreement. Where individual provisions of this DPA are invalid or unenforceable, the validity and enforceability of the other provisions of this DPA shall not be affected.

 

Upon the incorporation of this DPA into the Agreement, the parties indicated in Section 7 below (Parties to this DPA) are agreeing to the Standard Contractual Clauses (where and as applicable) and all appendixes attached thereto. In the event of any conflict or inconsistency between this DPA and the Standard Contractual Clauses in Exhibit 1, the Standard Contractual Clauses shall prevail.

 

Effective 25 May 2018 DEXATEK will process Personal Data in accordance with the GDPR requirements contained herein which are directly applicable to DEXATEK's provision of the Subscription Services.

 

 

 

7. Parties to this DPA

 

This DPA is an amendment to and forms part of the Agreement.  Upon the incorporation of this DPA into the Agreement (i) Controller and the DEXATEK entity that are each a party to the Agreement are also each a party to this DPA, and (ii) to the extent that

DEXATEK TECHNOLOGY LTD. is not the party to the Agreement, DEXATEK TECHNOLOGY LTD. is a party to this DPA, but only with respect to agreement to the Standard Contractual Clauses of the DPA, this Section 7 of the DPA, and to the Standard Contractual Clauses themselves.

 

If DEXATEK TECHNOLOGY LTD. is not a party to the Agreement, the section of the Agreement entitled ‘Limitation of Liability’ shall apply as between Controller and DEXATEK TECHNOLOGY LTD., and in such respect any references to ‘DEXATEK’, ‘we’, ‘us’ or ‘our’ shall include both DEXATEK TECHNOLOGY LTD. and the DEXATEK entity that is a party to the Agreement.

 

The legal entity agreeing to this DPA as Controller represents that it is authorized to agree to and enter into this DPA for, and is agreeing to this DPA solely on behalf of, the Controller.

 

 

EXHIBIT 1 : Standard Contractual Clauses (Processors)

 

For the purposes of Article 26(2) of Directive 95/46/EC for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection,

 

The Customer, as defined in the DEXATEK Customer Terms of Service (the “data exporter”)

 

And

 

DEXATEK TECHNOLOGY LTD. (the “data importer”),

 

each a ‘party’; together ‘the parties’,

 

HAVE AGREED on the following Contractual Clauses (the Clauses) in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals for the transfer by the data exporter to the data importer of the personal data specified in Appendix 1.

 

 

 

Clause 1 Definitions

For the purposes of the Clauses:

 

(a) ‘personal data’, ‘special categories of data’, ‘process/processing’, ‘controller’, ‘processor’, ‘data subject’ and ‘supervisory authority’ shall have the same meaning as in Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data;

 

(b) ‘the data exporter’ means the controller who transfers the personal data;

 

(c) ‘the data importer’ means the processor who agrees to receive from the data exporter personal data intended for processing on his behalf after the transfer in accordance with his instructions and the terms of the Clauses and who is not subject to a third country’s system ensuring adequate protection within the meaning of Article 25(1) of Directive 95/46/EC;

 

(d) ‘the subprocessor’ means any processor engaged by the data importer or by any other subprocessor of the data importer who agrees to receive from the data importer or from any other subprocessor of the data importer personal data exclusively intended for processing activities to be carried out on behalf of the data exporter after the transfer in accordance with his instructions, the terms of the Clauses and the terms of the written subcontract;

 

(e) ‘the applicable data protection law’ means the legislation protecting the fundamental rights and freedoms of individuals and, in particular, their right to privacy with respect to the processing of personal data applicable to a data controller in the Member State in which the data exporter is established;

 

(f) ‘technical and organisational security measures’ means those measures aimed at protecting personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing.

 

 

 

Clause 2 Details of the transfer

The details of the transfer and in particular the special categories of personal data where applicable are specified in Appendix 1 which forms an integral part of the Clauses.

 

Clause 3 Third-party beneficiary clause

    The data subject can enforce against the data exporter this Clause, Clause 4(b) to (i), Clause 5(a) to (e), and (g) to (j), Clause 6(1) and (2), Clause 7, Clause 8(2), and Clauses 9 to 12 as third-party beneficiary.

    The data subject can enforce against the data importer this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where the data exporter has factually disappeared or has ceased to exist in law unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law, as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity.

    The data subject can enforce against the subprocessor this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity. Such third-party liability of the subprocessor shall be limited to its own processing operations under the Clauses.

    The parties do not object to a data subject being represented by an association or other body if the data subject so expressly wishes and if permitted by national law.

 

 

 

Clause 4 Obligations of the data exporter

The data exporter agrees and warrants:

 

(a) that the processing, including the transfer itself, of the personal data has been and will continue to be carried out in accordance with the relevant provisions of the applicable data protection law (and, where applicable, has been notified to the relevant authorities of the Member State where the data exporter is established) and does not violate the relevant provisions of that State;

 

(b) that it has instructed and throughout the duration of the personal data-processing services will instruct the data importer to process the personal data transferred only on the data exporter’s behalf and in accordance with the applicable data protection law and the Clauses;

 

(c) that the data importer will provide sufficient guarantees in respect of the technical and organisational security measures specified in Appendix 2 to this contract;

 

(d) that after assessment of the requirements of the applicable data protection law, the security measures are appropriate to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation;

 

(e) that it will ensure compliance with the security measures;

 

(f) that, if the transfer involves special categories of data, the data subject has been informed or will be informed before, or as soon as possible after, the transfer that its data could be transmitted to a third country not providing adequate protection within the meaning of Directive 95/46/EC;

 

(g) to forward any notification received from the data importer or any subprocessor pursuant to Clause 5(b) and Clause 8(3) to the data protection supervisory authority if the data exporter decides to continue the transfer or to lift the suspension;

 

(h) to make available to the data subjects upon request a copy of the Clauses, with the exception of Appendix 2, and a summary description of the security measures, as well as a copy of any contract for subprocessing services which has to be made in accordance with the Clauses, unless the Clauses or the contract contain commercial information, in which case it may remove such commercial information;

 

(i) that, in the event of subprocessing, the processing activity is carried out in accordance with Clause 11 by a subprocessor providing at least the same level of protection for the personal data and the rights of data subject as the data importer under the Clauses; and

 

(j) that it will ensure compliance with Clause 4(a) to (i).

 

 

 

Clause 5 Obligations of the data importer

The data importer agrees and warrants:

 

(a) to process the personal data only on behalf of the data exporter and in compliance with its instructions and the Clauses; if it cannot provide such compliance for whatever reasons, it agrees to inform promptly the data exporter of its inability to comply, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;

 

(b) that it has no reason to believe that the legislation applicable to it prevents it from fulfilling the instructions received from the data exporter and its obligations under the contract and that in the event of a change in this legislation which is likely to have a substantial adverse effect on the warranties and obligations provided by the Clauses, it will promptly notify the change to the data exporter as soon as it is aware, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;

 

(c) that it has implemented the technical and organisational security measures specified in Appendix 2 before processing the personal data transferred;

 

(d) that it will promptly notify the data exporter about:

 

(i) any legally binding request for disclosure of the personal data by a law enforcement authority unless otherwise prohibited, such as a prohibition under criminal law to preserve the confidentiality of a law enforcement investigation;

 

(ii) any accidental or unauthorised access; and

 

(iii) any request received directly from the data subjects without responding to that request, unless it has been otherwise authorised to do so;

 

(e) to deal promptly and properly with all inquiries from the data exporter relating to its processing of the personal data subject to the transfer and to abide by the advice of the supervisory authority with regard to the processing of the data transferred;

 

(f) at the request of the data exporter to submit its data-processing facilities for audit of the processing activities covered by the Clauses which shall be carried out by the data exporter or an inspection body composed of independent members and in possession of the required professional qualifications bound by a duty of confidentiality, selected by the data exporter, where applicable, in agreement with the supervisory authority;

 

(g) to make available to the data subject upon request a copy of the Clauses, or any existing contract for subprocessing, unless the Clauses or contract contain commercial information, in which case it may remove such commercial information, with the exception of Appendix 2 which shall be replaced by a summary description of the security measures in those cases where the data subject is unable to obtain a copy from the data exporter;

 

(h) that, in the event of subprocessing, it has previously informed the data exporter and obtained its prior written consent;

 

(i) that the processing services by the subprocessor will be carried out in accordance with Clause 11;

 

(j) to send promptly a copy of any subprocessor agreement it concludes under the Clauses to the data exporter.

 

 

 

Clause 6 Liability

 

    The parties agree that any data subject, who has suffered damage as a result of any breach of the obligations referred to in Clause 3 or in Clause 11 by any party or subprocessor is entitled to receive compensation from the data exporter for the damage suffered.

    If a data subject is not able to bring a claim for compensation in accordance with paragraph 1 against the data exporter, arising out of a breach by the data importer or his subprocessor of any of their obligations referred to in Clause 3 or in Clause 11, because the data exporter has factually disappeared or ceased to exist in law or has become insolvent, the data importer agrees that the data subject may issue a claim against the data importer as if it were the data exporter, unless any successor entity has assumed the entire legal obligations of the data exporter by contract of by operation of law, in which case the data subject can enforce its rights against such entity.

    The data importer may not rely on a breach by a subprocessor of its obligations in order to avoid its own liabilities.

    If a data subject is not able to bring a claim against the data exporter or the data importer referred to in paragraphs 1 and 2, arising out of a breach by the subprocessor of any of their obligations referred to in Clause 3 or in Clause 11 because both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, the subprocessor agrees that the data subject may issue a claim against the data subprocessor with regard to its own processing operations under the Clauses as if it were the data exporter or the data importer, unless any successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law, in which case the data subject can enforce its rights against such entity. The liability of the subprocessor shall be limited to its own processing operations under the Clauses.

 

 

 

Clause 7 Mediation and jurisdiction

 

1. The data importer agrees that if the data subject invokes against it third-party beneficiary rights and/or claims compensation for damages under the Clauses, the data importer will accept the decision of the data subject:

 

(a) to refer the dispute to mediation, by an independent person or, where applicable, by the supervisory authority;

 

(b) to refer the dispute to the courts in the Member State in which the data exporter is established.

 

2. The parties agree that the choice made by the data subject will not prejudice its substantive or procedural rights to seek remedies in accordance with other provisions of national or international law.

 

Clause 8 Cooperation with supervisory authorities

 

    The data exporter agrees to deposit a copy of this contract with the supervisory authority if it so requests or if such deposit is required under the applicable data protection law.

    The parties agree that the supervisory authority has the right to conduct an audit of the data importer, and of any subprocessor, which has the same scope and is subject to the same conditions as would apply to an audit of the data exporter under the applicable data protection law.

    The data importer shall promptly inform the data exporter about the existence of legislation applicable to it or any subprocessor preventing the conduct of an audit of the data importer, or any subprocessor, pursuant to paragraph 2. In such a case the data exporter shall be entitled to take the measures foreseen in Clause 5(b).

 

 

 

Clause 9 Governing law

 

The Clauses shall be governed by the law of the Member State in which the data exporter is established.

 

Clause 10 Variation of the contract

 

The parties undertake not to vary or modify the Clauses. This does not preclude the parties from adding clauses on business related issues where required as long as they do not contradict the Clause.

 

 

 

Clause 11 Subprocessing

 

    The data importer shall not subcontract any of its processing operations performed on behalf of the data exporter under the Clauses without the prior written consent of the data exporter. Where the data importer subcontracts its obligations under the Clauses, with the consent of the data exporter, it shall do so only by way of a written agreement with the subprocessor which imposes the same obligations on the subprocessor as are imposed on the data importer under the Clauses. Where the subprocessor fails to fulfil its data protection obligations under such written agreement the data importer shall remain fully liable to the data exporter for the performance of the subprocessor’s obligations under such agreement.

    The prior written contract between the data importer and the subprocessor shall also provide for a third-party beneficiary clause as laid down in Clause 3 for cases where the data subject is not able to bring the claim for compensation referred to in paragraph 1 of Clause 6 against the data exporter or the data importer because they have factually disappeared or have ceased to exist in law or have become insolvent and no successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law. Such third-party liability of the subprocessor shall be limited to its own processing operations under the Clauses.

    The provisions relating to data protection aspects for subprocessing of the contract referred to in paragraph 1 shall be governed by the law of the Member State in which the data exporter is established.

    The data exporter shall keep a list of subprocessing agreements concluded under the Clauses and notified by the data importer pursuant to Clause 5(j), which shall be updated at least once a year. The list shall be available to the data exporter’s data protection supervisory authority.

 

 

 

Clause 12 Obligation after the termination of personal data-processing services

 

    The parties agree that on the termination of the provision of data-processing services, the data importer and the subprocessor shall, at the choice of the data exporter, return all the personal data transferred and the copies thereof to the data exporter or shall destroy all the personal data and certify to the data exporter that it has done so, unless legislation imposed upon the data importer prevents it from returning or destroying all or part of the personal data transferred. In that case, the data importer warrants that it will guarantee the confidentiality of the personal data transferred and will not actively process the personal data transferred anymore.

    The data importer and the subprocessor warrant that upon request of the data exporter and/or of the supervisory authority, it will submit its data-processing facilities for an audit of the measures referred to in paragraph 1.

 

 

Appendix 1 to the Standard Contractual Clauses

This Appendix forms part of the Clauses. The Member States may complete or specify, according to their national procedures, any additional necessary information to be contained in this Appendix.

A. Data exporter

The data exporter is the Customer, as defined in the DEXATEK Customer Terms of Service (“Agreement”).

 

B. Data importer

The data importer is DEXATEK TECHNOLOGY LTD., a global provider of inbound marketing and sales software.

 

C. Data subjects

Categories of data subjects set out under Section 2 of the Data Processing Agreement to which the Clauses are attached.

 

D. Categories of data

Categories of personal data set out under Section 2 of the Data Processing Agreement to which the Clauses are attached.

 

E. Special categories of data (if appropriate)

The parties do not anticipate the transfer of special categories of data.

 

F. Processing operations

The processing activities set out under Section 2 of the Data Processing Agreement to which the Clauses are attached (Appendix 2 to the Standard Contractual Clauses)

 

 

Appendix 2 to the Standard Contractual Clauses

 

This Appendix forms part of the Clauses.

 

Description of the technical and organizational security measures implemented by the data importer in accordance with Clauses 4(d) and 5(c) (or document/legislation attached):

 

DEXATEK currently observes the security practices described in this Appendix 2. Notwithstanding any provision to the contrary otherwise agreed to by data exporter, DEXATEK may modify or update these practices at its discretion provided that such modification and update does not result in a material degradation in the protection offered by these practices. All capitalized terms not otherwise defined herein shall have the meanings as set forth in the Agreement.

a)Access Control

 

i)      Preventing Unauthorized Product Access

Outsourced processing: DEXATEK hosts its Service with outsourced cloud infrastructure providers. Additionally, DEXATEK maintains contractual relationships with vendors in order to provide the Service in accordance with our Data Processing Agreement. DEXATEK relies on contractual agreements, privacy policies, and vendor compliance programs in order to protect data processed or stored by these vendors.

 

Physical and environmental security: DEXATEK hosts its product infrastructure with multi-tenant, outsourced infrastructure providers. The physical and environmental security controls are audited for SOC 2 Type II and ISO 27001 compliance, among other certifications.

 

Authentication: DEXATEK implemented a uniform password policy for its customer products. Customers who interact with the products via the user interface must authenticate before accessing non-public customer data.

 

Authorization: Customer data is stored in multi-tenant storage systems accessible to Customers via only application user interfaces and application programming interfaces. Customers are not allowed direct access to the underlying application infrastructure. The authorization model in each of DEXATEK’s products is designed to ensure that only the appropriately assigned individuals can access relevant features, views, and customization options. Authorization to data sets is performed through validating the user’s permissions against the attributes associated with each data set.

 

Application Programming Interface (API) access: Public product APIs may be accessed using an API key or through Oauth authorization.

 

ii)     Preventing Unauthorized Product Use

DEXATEK implements industry standard access controls and detection capabilities for the internal networks that support its products.

 

Access controls: Network access control mechanisms are designed to prevent network traffic using unauthorized protocols from reaching the product infrastructure. The technical measures implemented differ between infrastructure  providers and include Virtual Private Cloud (VPC) implementations, security group assignment, and traditional firewall rules.

 

Intrusion detection and prevention: DEXATEK implemented a Web Application Firewall (WAF) solution to protect hosted customer websites and other internet-accessible applications. The WAF is designed to identify and prevent attacks against publicly available network services.

 

Static code analysis: Security reviews of code stored in DEXATEK’s source code repositories is performed, checking for coding best practices and identifiable software flaws.

 

 

 

iii)    Limitations of Privilege & Authorization Requirements

Product access: A subset of DEXATEK’s employees have access to the products and to customer data via controlled interfaces. The intent of providing access to a subset of employees is to provide effective customer support, to troubleshoot potential problems, to detect and respond to security incidents and implement data security. Access is enabled through “just in time” requests for access; all such requests are logged. Employees are granted access by role, and reviews of high risk privilege grants are initiated daily.

 

All DEXATEK employees are required to conduct themselves in a manner consistent with company guidelines, non-disclosure requirements, and ethical standards.

 

b) Transmission Control

In-transit: DEXATEK makes HTTPS encryption (also referred to as SSL or TLS) available on every one of its login interfaces and for free on every customer site hosted on the DEXATEK products. DEXATEK’s HTTPS implementation uses industry standard algorithms and certificates.

 

At-rest: DEXATEK stores user passwords following policies that follow industry standard practices for security.

 

c) Input Control

Detection: DEXATEK designed its infrastructure to log extensive information about the system behavior, traffic received, system authentication, and other application requests. Internal systems aggregated log data and alert appropriate employees of malicious, unintended, or anomalous activities. DEXATEK personnel, including security, operations, and support personnel, are responsive to known incidents.

 

Response and tracking: DEXATEK maintains a record of known security incidents that includes description, dates and times of relevant activities, and incident disposition. Suspected and confirmed security incidents are investigated by security, operations, or support personnel; and appropriate resolution steps are identified and documented. For any confirmed incidents, DEXATEK will take appropriate steps to minimize product and Customer damage or unauthorized disclosure.

 

Communication: If DEXATEK becomes aware of unlawful access to Customer data stored within its products, DEXATEK will: 1) notify the affected Customers of the incident; 2) provide a description of the steps DEXATEK is taking to resolve the incident; and 3) provide status updates to the Customer contact, as DEXATEK deems necessary. Notification(s) of incidents, if any, will be delivered to one or more of the Customer’s contacts in a form DEXATEK selects, which may include via email or telephone.

 

d) Availability Control

Infrastructure availability: The infrastructure providers use commercially reasonable efforts to ensure a minimum of 99.93% uptime. The providers maintain a minimum of N+1 redundancy to power, network, and HVAC services.

 

Fault tolerance: Backup and replication strategies are designed to ensure redundancy and fail-over protections during a significant processing failure. Customer data is backed up to multiple durable data stores and replicated across multiple availability zones.

 

Online replicas and backups: Where feasible, production databases are designed to replicate data between no less than 1 primary and 1 secondary database. All databases are backed up and maintained using at least industry standard methods.

 

DEXATEK’s products are designed to ensure redundancy and seamless failover. The server instances that support the products are also architected with a goal to prevent single points of failure. This design assists DEXATEK operations in maintaining and updating the product applications and backend while limiting downtime.

 

 

 

EXHIBIT 2 : List of Sub-Processors

 

    Amazon Web Services, Inc.

    Google, Inc.

    Cloudflare, Inc.

    Wix.com, Inc.

 

TEL : +886 2 2698 0889

Email : support@sigmacasa.com

新北市汐止區新台五路一段81號16樓之1

Copyright © 2016 ΣCASA All rights reserved.