Last Updated: Feb 24, 2020
- Acceptance of Terms
- Description of Services
- Personal and Non-Commercial Use Limitation
- Privacy and Protection of Personal Information
- Notice Specific to Software Available on this Website
- Notice Specific to Documents Available on this Website
- Notices Regarding Software, Documents, and Services Available on this Website
- Member Account, Password, and Security
- No Unlawful or Prohibited Use
- Use of Services
- Materials Provided to 365 Labs or Posted at any 365 Labs Website
- Notices and Procedure for Making Claims of Copyright Infringement
- Links to Third-Party Sites
- Unsolicited Idea Submission Policy
Acceptance of Terms
Description of Services
Through its network of Web properties, 365 Labs provides you with access to a variety of resources, including developer tools, download areas, communication forums and product information (collectively “Services”). The Services, including any updates, enhancements, new features, and/or the addition of any new Web properties, are subject to the TOU.
Personal and Non-Commercial Use Limitation
Unless otherwise specified, the Services are for your personal and non-commercial use. You may not modify, copy, distribute, transmit, display, perform, reproduce, publish, license, create derivative works from, transfer, or sell any information, software, products or services obtained from the Services.
Privacy and Protection of Personal Information
See the Privacy Statement disclosures relating to the collection and use of your information.
Notice Specific to Software Available on this Website
Any software that is made available to download from the Services (“Software”) is the copyrighted work of 365 Labs and/or its suppliers. Use of the Software is governed by the terms of the end user license agreement, if any, which accompanies or is included with the Software (“License Agreement”). An end user will be unable to install any Software that is accompanied by or includes a License Agreement, unless he or she first agrees to the License Agreement terms. Third party scripts or code, linked to or referenced from this website, are licensed to you by the third parties that own such code, not by 365 Labs.
The Software is made available for download solely for use by end users according to the License Agreement. Any reproduction or redistribution of the Software not in accordance with the License Agreement is expressly prohibited by law and may result in severe civil and criminal penalties. Violators will be prosecuted to the maximum extent possible.
WITHOUT LIMITING THE FOREGOING, COPYING OR REPRODUCTION OF THE SOFTWARE TO ANY OTHER SERVER OR LOCATION FOR FURTHER REPRODUCTION OR REDISTRIBUTION IS EXPRESSLY PROHIBITED, UNLESS SUCH REPRODUCTION OR REDISTRIBUTION IS EXPRESSLY PERMITTED BY THE LICENSE AGREEMENT ACCOMPANYING SUCH SOFTWARE.
THE SOFTWARE IS WARRANTED, IF AT ALL, ONLY ACCORDING TO THE TERMS OF THE LICENSE AGREEMENT. EXCEPT AS WARRANTED IN THE LICENSE AGREEMENT, 365 LABS CORPORATION HEREBY DISCLAIMS ALL WARRANTIES AND CONDITIONS WITH REGARD TO THE SOFTWARE, INCLUDING ALL WARRANTIES AND CONDITIONS OF MERCHANTABILITY, WHETHER EXPRESS, IMPLIED OR STATUTORY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. FOR YOUR CONVENIENCE, 365 LABS MAY MAKE AVAILABLE AS PART OF THE SERVICES OR IN ITS SOFTWARE PRODUCTS, TOOLS AND UTILITIES FOR USE AND/OR DOWNLOAD. 365 LABS DOES NOT MAKE ANY ASSURANCES WITH REGARD TO THE ACCURACY OF THE RESULTS OR OUTPUT THAT DERIVES FROM SUCH USE OF ANY SUCH TOOLS AND UTILITIES. PLEASE RESPECT THE INTELLECTUAL PROPERTY RIGHTS OF OTHERS WHEN USING THE TOOLS AND UTILITIES MADE AVAILABLE ON THE SERVICES OR IN 365 LABS SOFTWARE PRODUCTS.
RESTRICTED RIGHTS LEGEND. Any Software which is downloaded from the Services for or on behalf of the United States of America, its agencies and/or instrumentalities (“U.S. Government”), is provided with Restricted Rights. Use, duplication, or disclosure by the U.S. Government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013 or subparagraphs (c)(1) and (2) of the Commercial Computer Software – Restricted Rights at 48 CFR 52.227-19, as applicable. Manufacturer is 365 Labs Corporation, One 365 Labs Way, Redmond, WA 98052-6399.
Notice Specific to Documents Available on this Website
Permission to use Documents (such as white papers, press releases, datasheets and FAQs) from the Services is granted, provided that (1) the below copyright notice appears in all copies and that both the copyright notice and this permission notice appear, (2) use of such Documents from the Services is for informational and non-commercial or personal use only and will not be copied or posted on any network computer or broadcast in any media, and (3) no modifications of any Documents are made. Accredited educational institutions, such as K-12, universities, private/public colleges, and state community colleges, may download and reproduce the Documents for distribution in the classroom. Distribution outside the classroom requires express written permission. Use for any other purpose is expressly prohibited by law, and may result in severe civil and criminal penalties. Violators will be prosecuted to the maximum extent possible.
Documents specified above do not include the design or layout of the 365 Labs.com website or any other 365 Labs owned, operated, licensed or controlled site. Elements of 365 Labs websites are protected by trade dress, trademark, unfair competition, and other laws and may not be copied or imitated in whole or in part. No logo, graphic, sound or image from any 365 Labs website may be copied or retransmitted unless expressly permitted by 365 Labs.
365 LABS AND/OR ITS RESPECTIVE SUPPLIERS MAKE NO REPRESENTATIONS ABOUT THE SUITABILITY OF THE INFORMATION CONTAINED IN THE DOCUMENTS AND RELATED GRAPHICS PUBLISHED AS PART OF THE SERVICES FOR ANY PURPOSE. ALL SUCH DOCUMENTS AND RELATED GRAPHICS ARE PROVIDED “AS IS” WITHOUT WARRANTY OF ANY KIND. 365 LABS AND/OR ITS RESPECTIVE SUPPLIERS HEREBY DISCLAIM ALL WARRANTIES AND CONDITIONS WITH REGARD TO THIS INFORMATION, INCLUDING ALL WARRANTIES AND CONDITIONS OF MERCHANTABILITY, WHETHER EXPRESS, IMPLIED OR STATUTORY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. IN NO EVENT SHALL 365 LABS AND/OR ITS RESPECTIVE SUPPLIERS BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF INFORMATION AVAILABLE FROM THE SERVICES.
THE DOCUMENTS AND RELATED GRAPHICS PUBLISHED ON THE SERVICES COULD INCLUDE TECHNICAL INACCURACIES OR TYPOGRAPHICAL ERRORS. CHANGES ARE PERIODICALLY ADDED TO THE INFORMATION HEREIN. 365 LABS AND/OR ITS RESPECTIVE SUPPLIERS MAY MAKE IMPROVEMENTS AND/OR CHANGES IN THE PRODUCT(S) AND/OR THE PROGRAM(S) DESCRIBED HEREIN AT ANY TIME.
Notices Regarding Software, Documents, and Services Available
on this Website
IN NO EVENT SHALL 365 LABS AND/OR ITS RESPECTIVE SUPPLIERS BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF SOFTWARE, DOCUMENTS, PROVISION OF OR FAILURE TO PROVIDE SERVICES, OR INFORMATION AVAILABLE FROM THE SERVICES.
Member Account, Password, and Security
If any of the Services requires you to open an account, you must complete the registration process by providing us with current, complete and accurate information as prompted by the applicable registration form. You also will choose a password and a user name. You are entirely responsible for maintaining the confidentiality of your password and account. Furthermore, you are entirely responsible for any and all activities that occur under your account. You agree to notify 365 Labs immediately of any unauthorized use of your account or any other breach of security. 365 Labs will not be liable for any loss that you may incur as a result of someone else using your password or account, either with or without your knowledge. However, you could be held liable for losses incurred by 365 Labs or another party due to someone else using your account or password. You may not use anyone else’s account at any time, without the permission of the account holder.
No Unlawful or Prohibited Use
As a condition of your use of the Services, you will not use the Services for any purpose that is unlawful or prohibited by these terms, conditions, and notices. You may not use the Services in any manner that could damage, disable, overburden, or impair any 365 Labs server, or the network(s) connected to any 365 Labs server, or interfere with any other party’s use and enjoyment of any Services. You may not attempt to gain unauthorized access to any Services, other accounts, computer systems or networks connected to any 365 Labs server or to any of the Services, through hacking, password mining or any other means. You may not obtain or attempt to obtain any materials or information through any means not intentionally made available through the Services.
Use of Services
The Services may contain e-mail services, bulletin board services, chat areas, news groups, forums, communities, personal web pages, calendars, photo albums, file cabinets and/or other message or communication facilities designed to enable you to communicate with others (each a “Communication Service” and collectively “Communication Services”). You agree to use the Communication Services only to post, send and receive messages and material that are proper and, when applicable, related to the particular Communication Service. By way of example, and not as a limitation, you agree that when using the Communication Services, you will not:
- Use the Communication Services in connection with surveys, contests, pyramid schemes, chain letters, junk email, spamming or any duplicative or unsolicited messages (commercial or otherwise).
- Defame, abuse, harass, stalk, threaten or otherwise violate the legal rights (such as rights of privacy and publicity) of others.
- Publish, post, upload, distribute or disseminate any inappropriate, profane, defamatory, obscene, indecent or unlawful topic, name, material or information.
- Upload, or otherwise make available, files that contain images, photographs, software or other material protected by intellectual property laws, including, by way of example, and not as limitation, copyright or trademark laws (or by rights of privacy or publicity) unless you own or control the rights thereto or have received all necessary consent to do the same.
- Use any material or information, including images or photographs, which are made available through the Services in any manner that infringes any copyright, trademark, patent, trade secret, or other proprietary right of any party.
- Upload files that contain viruses, Trojan horses, worms, time bombs, cancelbots, corrupted files, or any other similar software or programs that may damage the operation of another’s computer or property of another.
- Advertise or offer to sell or buy any goods or services for any business purpose, unless such Communication Services specifically allows such messages.
- Download any file posted by another user of a Communication Service that you know, or reasonably should know, cannot be legally reproduced, displayed, performed, and/or distributed in such manner.
- Falsify or delete any copyright management information, such as author attributions, legal or other proper notices or proprietary designations or labels of the origin or source of software or other material contained in a file that is uploaded.
- Restrict or inhibit any other user from using and enjoying the Communication Services.
- Violate any code of conduct or other guidelines which may be applicable for any particular Communication Service.
- Harvest or otherwise collect information about others, including e-mail addresses.
- Violate any applicable laws or regulations.
- Create a false identity for the purpose of misleading others.
- Use, download or otherwise copy, or provide (whether or not for a fee) to a person or entity any directory of users of the Services or other user or usage information or any portion thereof.
365 Labs has no obligation to monitor the Communication Services. However, 365 Labs reserves the right to review materials posted to the Communication Services and to remove any materials in its sole discretion. 365 Labs reserves the right to terminate your access to any or all of the Communication Services at any time, without notice, for any reason whatsoever.
365 Labs reserves the right at all times to disclose any information as 365 Labs deems necessary to satisfy any applicable law, regulation, legal process or governmental request, or to edit, refuse to post or to remove any information or materials, in whole or in part, in 365 Labs’s sole discretion.
Always use caution when giving out any personally identifiable information about yourself or your children in any Communication Services. 365 Labs does not control or endorse the content, messages or information found in any Communication Services and, therefore, 365 Labs specifically disclaims any liability with regard to the Communication Services and any actions resulting from your participation in any Communication Services. Managers and hosts are not authorized 365 Labs spokespersons, and their views do not necessarily reflect those of 365 Labs.
Materials uploaded to the Communication Services may be subject to posted limitations on usage, reproduction and/or dissemination; you are responsible for adhering to such limitations if you download the materials.
Materials Provided to 365 Labs or Posted at Any 365 Labs Website
365 Labs does not claim ownership of the materials you provide to 365 Labs (including feedback and suggestions) or post, upload, input or submit to any Services or its associated services for review by the general public, or by the members of any public or private community, (each a “Submission” and collectively “Submissions”). However, by posting, uploading, inputting, providing or submitting (“Posting”) your Submission you are granting 365 Labs, its affiliated companies and necessary sublicensees permission to use your Submission in connection with the operation of their Internet businesses (including, without limitation, all 365 Labs Services), including, without limitation, the license rights to: copy, distribute, transmit, publicly display, publicly perform, reproduce, edit, translate and reformat your Submission; to publish your name in connection with your Submission; and the right to sublicense such rights to any supplier of the Services.
No compensation will be paid with respect to the use of your Submission, as provided herein. 365 Labs is under no obligation to post or use any Submission you may provide and 365 Labs may remove any Submission at any time in its sole discretion.
Notices and Procedure for Making Claims of Copyright Infringement
Pursuant to Title 17, United States Code, Section 512(c)(2), notifications of claimed copyright infringement should be sent to Service Provider’s Designated Agent. ALL INQUIRIES NOT RELEVANT TO THE FOLLOWING PROCEDURE WILL NOT RECEIVE A RESPONSE.
See Notice and Procedure for Making Claims of Copyright Infringement.
Links to Third Party Sites
THE LINKS IN THIS AREA WILL LET YOU LEAVE 365 LABS’S SITE. THE LINKED SITES ARE NOT UNDER THE CONTROL OF 365 LABS AND 365 LABS IS NOT RESPONSIBLE FOR THE CONTENTS OF ANY LINKED SITE OR ANY LINK CONTAINED IN A LINKED SITE, OR ANY CHANGES OR UPDATES TO SUCH SITES. 365 LABS IS NOT RESPONSIBLE FOR WEBCASTING OR ANY OTHER FORM OF TRANSMISSION RECEIVED FROM ANY LINKED SITE. 365 LABS IS PROVIDING THESE LINKS TO YOU ONLY AS A CONVENIENCE, AND THE INCLUSION OF ANY LINK DOES NOT IMPLY ENDORSEMENT BY 365 LABS OF THE SITE.
Unsolicited Idea Submission Policy
365 LABS OR ANY OF ITS EMPLOYEES DO NOT ACCEPT OR CONSIDER UNSOLICITED IDEAS, INCLUDING IDEAS FOR NEW ADVERTISING CAMPAIGNS, NEW PROMOTIONS, NEW PRODUCTS OR TECHNOLOGIES, PROCESSES, MATERIALS, MARKETING PLANS OR NEW PRODUCT NAMES. PLEASE DO NOT SEND ANY ORIGINAL CREATIVE ARTWORK, SAMPLES, DEMOS, OR OTHER WORKS. THE SOLE PURPOSE OF THIS POLICY IS TO AVOID POTENTIAL MISUNDERSTANDINGS OR DISPUTES WHEN 365 LABS’S PRODUCTS OR MARKETING STRATEGIES MIGHT SEEM SIMILAR TO IDEAS SUBMITTED TO 365 LABS. SO, PLEASE DO NOT SEND YOUR UNSOLICITED IDEAS TO 365 LABS OR ANYONE AT 365 LABS. IF, DESPITE OUR REQUEST THAT YOU NOT SEND US YOUR IDEAS AND MATERIALS, YOU STILL SEND THEM, PLEASE UNDERSTAND THAT 365 LABS MAKES NO ASSURANCES THAT YOUR IDEAS AND MATERIALS WILL BE TREATED AS CONFIDENTIAL OR PROPRIETARY.
Data Protection Agreement
The Customer shall make available to 365 LABS and the Customer authorizes 365 LABS to process information including Personal Data for the provision of the Services under the Agreement. The parties have agreed to enter into this DPA to confirm the data protection provisions relating to their relationship and so as to meet the requirements of the applicable Data Protection Law.
1.1 For the purposes of this DPA:
“Personal Data” means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
“Data Protection Law” mean all applicable laws, regulations, and other legal requirements relating to (a) privacy, data security, consumer protection, marketing, promotion, and text messaging, email, and other communications; and (b) the use, collection, retention, storage, security, disclosure, transfer, disposal, and other processing of any Personal Data.;
“365 LABS Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under common control with 365 LABS. “Control,” for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity;
“Services” means any of the following services provided by 365 LABS: (a) 365 LABS-branded product offerings made available via the Internet on https://www.365 Labs.com, (b) consulting or training services provided by 365 LABS either remotely via the Internet or in person, and (c) any support services provided by 365 LABS, including access to 365 LABS’s help desk;
the terms “data controller”, “data processor”, “data subject”, “personal data”, “processing” and “appropriate technical and organisational measures” shall have the meanings given to them under applicable Data Protection Law.
- Subject Matter, Nature and Purpose of 365 LABS’s Processing of Personal Data
2.1 The subject matter, nature and purpose of the processing of Personal Data under this DPA is 365 LABS performance of the Platform Services (the “Services) as further instructed in writing by the Customer in its use of the Services, unless required to do so otherwise by the Data Protection Law, in which case to the extent permitted by the Data Protection Law, 365 LABS shall inform the Customer of this legal requirement prior to carrying out the processing. 365 LABS shall only collect or process Personal Data for the period of rendering of the Services to the extent, and in such a manner, as is necessary for provision of the Services and in accordance with the DPA and the Data Protection Law applicable to 365 LABS.
3.1 The processing of Personal Data will be carried out by 365 LABS while Account of the Customer is in existence or as needed for the performance of the obligations and rights between 365 LABS and the Customer unless otherwise agreed upon in writing.
- Type of Personal Data Processed
4.1 The Customer may submit Customer Personal Data to the Services, the extent of which is determined and controlled by the Customer in its sole discretion, and which may include, but is not limited to the following categories of Personal Data:
- Account Information.When the Customer signs up for a Account, it is required certain information such as the name and email.The Customer may update or correct its information and email preferences at any time by visiting the Account. 365 LABS can provide the Customer with additional support to access, correct, delete, or modify the information the Customer provided to 365 LABS and associated with the Customer’s Account. To protect the security, 365 LABS takes reasonable steps (such as requesting any legal information) to verify the identity of the Customer before making corrections. The Customer is responsible for maintaining the secrecy of the password and information of the Customer’s Account at all times.
- Additional Profile Information. The Customer may choose to provide additional information as part of its profile. Profile information helps the Customer to get more from the Platform. It’s the Customer’s choice whether to include sensitive information on its profile.
- Other Information.The Customer may otherwise choose to provide 365 LABS information when the Customer fills in a form, conducts a search, updates or adds information to its Account, responds to surveys, posts to community forums, participates in promotions, or uses other features of the
- 365 LABS Obligations
5.1 365 LABS agrees and/or warrants:
(a) to process the Personal Data only on behalf of the Customer and in compliance with its instructions and the DPA; if it cannot provide such compliance for whatever reasons, it agrees to inform promptly the Customer of its inability to comply, in which case the Customer is entitled to suspend the transfer of data and/or terminate the Services;
(b) that all Personal Data processed on behalf of the Customer remains the property of the Customer and/or the relevant Data subjects;
(c) that it has no reason to believe that the legislation applicable to it prevents it from fulfilling the instructions received from the Customer and its obligations under the DPA and that in the event of a change in this legislation which is likely to have a substantial adverse effect on the warranties and obligations provided by the DPA, it will promptly notify the change to the Customer as soon as it is aware, in which case the Customer is entitled to suspend the transfer of data and/or terminate the Services;
(d) that it has implemented the technical and organizational security measures specified in Appendix 1 before processing the Personal Data transferred;
(e) that it will promptly notify the Customer about:
- any legally binding request for disclosure of the Personal Data by a law enforcement authority unless otherwise prohibited, such as a prohibition under criminal law to preserve the confidentiality of a law enforcement investigation;
- any accidental or unauthorized access; and
iii. any request received directly from the data subjects without responding to that request, unless it has been otherwise authorized to do so;
(f) to deal promptly and properly with all inquiries from the Customer relating to its processing of the Personal Data subject to the transfer and to abide by the advice of the supervisory authority with regard to the processing of the data transferred;
(g) at the request of the Customer to submit its data-processing facilities for audit of the processing activities covered by the DPA;
(h) that, in the event of sub-processing, it has previously informed the Customer and obtained its prior written consent;
(i) that the processing services by the sub-processor will be carried out in accordance with Section 8;
(j) to appoint a data protection officer, who performs his/her duties in compliance with the Data Protection Law. The data protection officers contact details are available at 365 LABS web page.
(k) to entrust only such employees with the data processing outlined in this DPA who have been bound to confidentiality and have previously been familiarized with the data protection provisions relevant to their work. 365 LABS and any person acting under its authority who has access to Personal Data, shall not process that data unless on instructions from the Customer, unless required to do so by the Data Protection Law;
(l) to monitor periodically the internal processes to ensure that processing within 365 LABS area of responsibility is in accordance with the requirements of the Data Protection Law and the protection of the rights of the data subject.
- Customer Obligations
6.1 The Customer agrees and/or warrants:
(a) that the processing, including the transfer itself, of the Personal Data has been and will continue to be carried out in accordance with the relevant provisions of the Data Protection Law and does not violate the relevant provisions;
(b) that it has instructed and throughout the duration of the personal data-processing services will instruct 365 LABS to process the Personal Data transferred only on the Customer’s behalf and in accordance with the Data Protection Law and the DPA;
(c) that 365 LABS will provide sufficient guarantees in respect of the technical and organizational security measures specified in Appendix 1 to this DPA;
(d) that after assessment of the requirements of the Data Protection Law, the security measures are appropriate to protect Personal Data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation;
(e) that it will ensure compliance with the security measures;
(f) to access and use the Services only for legal, authorized, and acceptable purposes. The Customer will not use (or assist others in using) the Services in ways that: (a) violate, misappropriate, or infringe the rights of 365 LABS, its users, or others, including privacy, publicity, intellectual property, or other proprietary rights; (b) are illegal, obscene, defamatory, threatening, intimidating, harassing, hateful, racially, or ethnically offensive, or instigate or encourage conduct that would be illegal, or otherwise inappropriate; (c) involve publishing falsehoods, misrepresentations, or misleading statements; (d) impersonate someone; (e) involve sending illegal or impermissible communications such as bulk messaging, auto-messaging, auto-dialing, and the like; or (f) involve any other use of the Services prescribed in this DPA unless otherwise authorized by 365 LABS;
(g) do not to (or assist others to) access, use, copy, adapt, modify, prepare derivative works based upon, distribute, license, sublicense, transfer, display, perform, or otherwise exploit the Platform in impermissible or unauthorized manners, or in ways that burden, impair, or harm 365 LABS, the Platform, systems, other users, or others, including that the Customer will not directly or through automated means: (a) reverse engineer, alter, modify, create derivative works from, decompile, or extract code from the Platform; (b) send, store, or transmit viruses or other harmful computer code through or onto the Platform; (c) gain or attempt to gain unauthorized access to the Platform or systems; (d) interfere with or disrupt the integrity or performance of the Platform; (e) create accounts for the Platform through unauthorized or automated means; (f) collect the information of or about other users in any impermissible or unauthorized manner; (g) sell, resell, rent, or charge for the Platform; or (h) distribute or make the Platform available over a network where it could be used by multiple devices at the same time;
(h) that the Customer is responsible for keeping the Customer’s Account safe and secure, and the Customer will notify 365 LABS promptly of any unauthorized use or security breach of the Customer’s Account or the Platform;
(i) that 365 LABS grants the Customer a limited, revocable, non-exclusive, non-sublicensable, and non-transferable license to use the Platform. This license is for the sole purpose of enabling the Customer to use the Platform, in the manner permitted by this DPA. No licenses or rights are granted to the Customer by implication or otherwise, except for the licenses and rights expressly granted to the Customer.
- Technical and Organizational Measures
7.1 365 LABS shall take the appropriate technical and organizational measures to adequately protect Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data, described under Appendix 1. Such measures include but not limited to physical and IT measures, and organizational measures to:
(a) the prevention of unauthorized persons from gaining access to Personal Data processing systems (physical access control),
(b) the prevention of Personal Data processing systems from being used without authorization (logical access control),
(c) ensuring that persons entitled to use a Personal Data processing system gain access only to such Personal Data as they are entitled to accessing in accordance with their access rights, and that, in the course of processing or use and after storage, Personal Data cannot be read, copied, modified or deleted without authorization (data access control),
(d) ensuring that Personal Data cannot be read, copied, modified or deleted without authorization during electronic transmission, transport or storage on storage media, and that the target entities for any transfer of Personal Data by means of data transmission facilities can be established and verified (data transfer control),
(e) ensuring the establishment of an audit trail to document whether and by whom Personal Data have been entered into, modified in, or removed from Personal Data processing systems (entry control),
(f) ensuring that Personal Data is protected against accidental destruction or loss (availability control).
7.2 The technical and organizational measures are subject to technical progress and further development. In this respect 365 LABS may implement alternative adequate measure, however, the security level of the defined measures must never be reduced. Major changes must be documented.
8.1 The Customer agrees that 365 LABS may engage 365 LABS Affiliate or third parties to process Personal Data in order to assist 365 LABS to deliver the Services on behalf of the Customer (“Sub-processors”). 365 LABS has or will enter into written agreement with each Sub-processor containing data protection obligations not less protective than those in this DPA to the extent applicable to the nature of the Services provided by such Sub-processor. If the Sub-processor processes the Services outside the EU/EEA, 365 LABS shall ensure that the transfer is made pursuant to European Commission approved standard contractual clauses for the transfer of Personal Data which the Customer authorizes 365 LABS to enter into on its behalf, or that other appropriate legal data transfer mechanisms are used.
8.2 The current Sub-processors for the Services are set out at https://365 Labs.com/ and the Customer agrees and approves that 365 LABS has engaged such Sub-processors to process Personal Data as set out in the list. 365 LABS shall provide notification of a new Sub-processor(s) before authorizing any new Sub-processor(s) to process Personal Data in connection with the provision of the applicable Service.
8.3 365 LABS shall notify the Customer thirty (30) days’ in advance of any intended changes concerning the addition or replacement of any Sub-processor during which period the Customer may raise objections to the Sub-processor’s appointment. Any objections must be raised promptly (and in any event no later than fourteen (14) days following 365 LABS’s notification of the intended changes). Should 365 LABS choose to retain the objected to Sub-processor, 365 LABS will notify the customer at least fourteen (14) days before authorizing the Sub-processor to process Personal Data and then the Customer may immediately discontinue using the relevant portion of the Services and may terminate the relevant portion of the Services.
8.4 For the avoidance of doubt, where any Sub-processor fails to fulfill its obligations under any sub-processing agreement or under applicable law 365 LABS will remain fully liable to the Customer for the fulfillment of its obligations under this DPA.
9.1 In order to confirm compliance with this DPA, the Customer shall be at liberty to conduct an audit by assigning an independent third party who shall be obliged to observe confidentiality in this regard. Any such audit must occur during 365 LABS’s normal business hours and will be permitted only to the extent required for the Customer to assess 365 LABS’s compliance with this DPA. In connection with any such audit, the Customer will ensure that the auditor will: (a) review any information on 365 LABS’s premises; (b) observe reasonable on-site access and other restrictions reasonably imposed by 365 LABS; (c) comply with 365 LABS’s policies and procedures, and (d) not unreasonably interfere with 365 LABS’s business activities. 365 LABS reserves the right to restrict or suspend any audit in the event of any breach of the conditions specified in this Section 9.
9.2 In the event that the Customer, a regulator or data protection authority requires additional information or an audit related to the Services, then, 365 LABS agrees to submit its data processing facilities, data files and documentation needed for processing Personal Data to audit by the Customer (or any third party such as inspection agents or auditors, selected by Customer) to ascertain compliance with this DPA, subject to being given notice and the auditor entering into a non-disclosure agreement directly with 365 LABS. 365 LABS agrees to provide reasonable cooperation to Customer in the course of such operations including providing all relevant information and access to all equipment, software, data, files, information systems, etc. used for the performance of Services, including processing of Personal Data. Such audits shall be carried out at the Customer’s cost and expense.
9.3 The audit may only be undertaken when there are specific grounds for suspecting the misuse of Personal Data, and no earlier than two weeks after the Customer has provided written notice to 365 LABS.
9.4 The findings in respect of the performed audit will be discussed and evaluated by the parties and, where applicable, implemented accordingly as the case may be by one of the parties or jointly by both parties. The costs of the audit will be borne by the Customer.
- Notification of A Data Breach
10.1 In the event of 365 LABS aware of any breach of security that results in the accidental, unauthorized or unlawful destruction or unauthorized disclosure of or access to Personal Data 365 LABS shall to the best of its ability, notify the Customer thereof with undue delay, after which the Customer shall determine whether or not to inform the Data subjects and/or the relevant regulatory authority(ies). This duty to report applies irrespective of the impact of the leak. 365 LABS will endeavour that the furnished information is complete, correct and accurate.
10.2 If required by law and/or regulation, 365 LABS shall cooperate in notifying the relevant authorities and/or Data subjects. The Customer remains the responsible party for any statutory obligations in respect thereof.
10.3 The duty to report includes in any event the duty to report the fact that a leak has occurred, including details regarding:
- the (suspected) cause of the leak;
- the (currently known and/or anticipated) consequences thereof;
- the (proposed) solution;
- the measures that have already been taken.
- Deletion and Return of Personal Data
11.1 The parties agree that on the termination of the provision of data-processing services, the 365 LABS and its subcontractors shall, at the choice of the Customer, return all the Personal Data transferred and the copies thereof to the Customer or shall destroy all the Personal Data and certify to the Customer that it has done so, unless legislation imposed upon 365 LABS prevents it from returning or destroying all or part of the Personal Data transferred. In that case, 365 LABS warrants that it will guarantee the confidentiality of the Personal Data transferred and will not actively process the Personal Data transferred anymore. 365 LABS and its subcontractors warrant that upon request of the Customer and/or of the supervisory authority, it will submit its data-processing facilities for an audit of the measures referred to in Section 9.
- Governing Law/Forum
12.1 This DPA shall be governed by and interpreted in accordance with the laws of Lithuania.
12.2 Any and all claims, disputes or controversies arising under, out of, or in connection with this DPA, breach, termination or validity thereof, which have not been resolved by good faith negotiations between 365 LABS and the Customer within period of thirty (30) calendar days after receipt of a notice from one party to the other requesting negotiations shall be resolved by final and binding arbitration in the Vilnius Court of Commercial Arbitration in accordance with its Rules of Arbitration as in force and effect on the date of the DPA. Disputes shall be settled by a single arbitrator. Arbitration proceedings shall be held in Vilnius, Lithuania. The place of arbitration shall be Vilnius, Lithuania. The language of arbitration shall be English. Relevant documents in other languages shall be translated into English if the arbitrators so direct. All expenses and costs of the arbitrators and the arbitration in connection therewith will be shared equally, except that 365 LABS and the Customer will each bear the costs of its own prosecution and defense, including without limitation attorney’s fees and the production of witnesses and other evidence. Any award rendered in such arbitration shall be final and may be enforced by either party.
12.3 The parties agree to keep all details of the arbitration proceedings and arbitral award strictly confidential and shall use all reasonable efforts to take such action as may be appropriate to prevent the unauthorized disclosure of the proceedings, any information disclosed in connection therewith and the award granted.
Appendix No. 1
Description of the technical and organizational measures implemented by 365 LABS:
365 LABS shall implement the measures described in this appendix, provided that the measures directly or indirectly contribute or can contribute to the protection of Personal Data during the period of 365 LABS’s Services rendering to the Customer. If 365 LABS believes that a measure is not necessary for the respective Service or part thereof, 365 LABS will justify this and come to an agreement with the Customer.
The technical and organizational measures are subject to technical progress and development. In this respect 365 LABS is permitted to implement alternative adequate measures. The level of security must align with industry security best practice and not less than, the measures set forth herein. All major changes are to be agreed with the Customer and documented.
- Risk management
1.1 Security risk management
1.1.1 365 LABS shall identify and evaluate security risks related to confidentiality, integrity and availability and based on such evaluation implement appropriate technical and organizational measures to ensure a level of security which is appropriate to the risk.
1.1.2 365 LABS shall have documented processes and routines for handling risks within its operations.
1.1.3 365 LABS shall periodically assess the risks related to information systems and processing, storing and transmitting information.
1.2 Security risk management for personal data
1.2.1 365 LABS shall identify and evaluate security risks related to confidentiality, integrity and availability and based on such evaluation implement appropriate technical and organizational measures to ensure a level of security which is appropriate to the risk of the specific Personal Data types and purposes being processed by 365 LABS, including inter alia as appropriate:
- The pseudonymisation and encryption of Personal Data;
- The ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
- The ability to restore the availability and access to the Customer’s Data in a timely manner in the event of a physical or technical incident;
- A process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing.
1.2.2 365 LABS shall have documented processes and routines for handling risks when processing Personal Data on behalf of the Customer.
1.2.3 365 LABS shall periodically assess the risks related to information systems and processing, storing and transmitting Personal Data.
1.3 Information security policies
1.3.1 365 LABS shall have a defined and documented information security management system including an information security policy and procedures in place, which shall be approved by 365 LABS’s management. They shall be published within 365 LABS´s organization and communicated to relevant 365 LABS personnel.
1.3.2 365 LABS shall periodically review 365 LABS’s security policies and procedures and update them if required to ensure their compliance with this Appendix.
- Organization of information security
2.1 365 LABS shall have defined and documented security roles and responsibilities within its organization.
2.2 365 LABS shall appoint at least one data protection officer who has appropriate security competence and who has an overall responsibility for implementing the security measures under this Appendix and who will be the contact person for the Customer’s security staff.
- Human resource security
3.1 365 LABS shall ensure that 365 LABS personnel handles information in accordance with the level of confidentiality required under the DPA.
3.2 365 LABS shall ensure that relevant 365 LABS personnel is aware of the approved use (including use restrictions as the case may be) of information, facilities and systems under the DPA.
3.3 365 LABS shall ensure that any 365 LABS personnel performing assignments under the Agreement is trustworthy, meets established security criteria and has been, and during the term of the assignment will continue to be, subject to appropriate screening and background verification.
3.4 365 LABS shall ensure that 365 LABS personnel with security responsibilities is adequately trained to carry out security related duties.
3.5 365 LABS shall provide or ensure periodical security awareness training to relevant 365 LABS personnel. Such 365 LABS training shall include, without limitation:
(a) How to handle customer information security (i.e. the protection of the confidentiality, integrity and availability of information);
(b) Why information security is needed to protect customers information and systems;
(c) The common types of security threats (such as identity theft, malware, hacking, information leakage and insider threat);
(d) The importance of complying with information security policies and applying associated standards/procedures;
(e) Personal responsibility for information security (such as protecting customer’s privacy-related information and reporting actual and suspected data breaches).
- Access control
365 LABS shall have a defined and documented access control policy for facilities, sites, network, system, application and information/data access (including physical, logical and remote access controls), an authorization process for user access and privileges, procedures for revoking access rights and an acceptable use of access privileges for 365 LABS personnel in place.
365 LABS shall have a formal and documented user registration and de-registration process implemented to enable assignment of access rights.
365 LABS shall assign all access privileges based on the principle of need-to-know and principle of least privilege.
365 LABS shall use strong authentication (multi-factor) for remote access users and users connecting from an untrusted network.
365 LABS shall ensure that 365 LABS personnel has a personal and unique identifier (user ID), and use an appropriate authentication technique, which confirms and ensures the identity of users.
- Physical and environmental security
365 LABS shall protect information processing facilities against external and environmental threats and hazards, including power/cabling failures and other disruptions caused by failures in supporting utilities. This includes physical perimeter and access protection.
- Operations security
365 LABS shall have an established change management system in place for making changes to business processes, information processing facilities and systems. The change management system shall include tests and reviews before changes are implemented, such as procedures to handle urgent changes, roll back procedures to recover from failed changes, logs that show, what has been changed, when and by whom.
365 LABS shall implement malware protection to ensure that any software used for 365 LABS’s provision of the Services to the Customer is protected from malware.
365 LABS shall make backup copies of critical information and test back-up copies to ensure that the information can be restored as agreed with the Customer.
365 LABS shall log and monitor activities, such as create, reading, copying, amendment and deletion of processed data, as well as exceptions, faults and information security events and regularly review these. Furthermore, 365 LABS shall protect and store (for at least 6 months or such period/s set by Data Protection Law) log information, and on request, deliver monitoring data to the Customer. Anomalies / incidents / indicators of compromise shall be reported according to the data breach management requirements as set out in clause 9, below.
365 LABS shall manage vulnerabilities of all relevant technologies such as operating systems, databases, applications proactively and in a timely manner.
365 LABS shall establish security baselines (hardening) for all relevant technologies such as operating systems, databases, applications.
365 LABS shall ensure development is segregated from test and production environment.
- Communications security
365 LABS shall implement network security controls such as service level, firewalling and segregation to protect information systems.
- 365 LABS relationship with sub-suppliers
365 LABS shall reflect the content of this Appendix in its agreements with Sub-processors that perform tasks assigned under the DPA.
365 LABS shall regularly monitor, review and audit Sub-processor’s compliance with this Appendix.
365 LABS shall, at the request of the Customer, provide the Customer with evidence regarding Sub-processor’s compliance with this Appendix.
- Data breach management
365 LABS shall have established procedures for data breach management.
365 LABS shall inform the Customer about any data breach (including but not limited to incidents in relation to the processing of Personal Data) as soon as possible but no later than within 36 hours after the data breach has been identified.
All reporting of security-related incidents shall be treated as confidential information and be encrypted, using industry standard encryption methods.
The data breach report shall contain at least the following information:
(a) The nature of the data breach,
(b) The nature of the Personal Data affected,
(c) The categories and number of data subjects concerned,
(d) The number of Personal Data records concerned,
(e) Measures taken to address the data breach,
(f) The possible consequences and adverse effect of the data breach, and
(g) Any other information the Customer is required to report to the relevant regulator or data subject.
To the extent legally possible, 365 LABS may claim compensation for support services under this clause 9 which are not attributable to failures on the part of 365 LABS.
- Business continuity management
365 LABS shall identify business continuity risks and take necessary actions to control and mitigate such risks.
365 LABS shall have documented processes and routines for handling business continuity.
365 LABS shall ensure that information security is embedded into the business continuity plans
365 LABS shall periodically assess the efficiency of its business continuity management, and compliance with availability requirements (if any).