1) WHO WE ARE
Useberry User Testing Technologies IKE is a Greek private company seated at Athens, Greece and operating from the same address. Useberry User Testing Technologies IKE (“Useberry” or “we” or “our” or “us”) owns and controls Useberry services, and provides access to the Useberry website, at the url: https://www.useberry.com and all subdomains under the https://www.useberry.com domain and related properties (the “Website”), software, data and materials accessed via the Website (the “Services” or “Properties”).
2) WHAT IS USEBERRY AND HOW IT WORKS
Useberry is a platform that provides app publishers, designers and developers (from now on “Researchers”) with the tools to create and conduct UI/UX research (from now on “User Tests”) to real users (from now on “Testers”) on their app prototypes, that is, before proceeding to developing their app.
There is a variation of ways to distribute these User Tests:
– For an app that is already published and the Researcher wants to test changes or new features, the User Tests can address Testers:
– For a new app, not yet published:
In the case of third party apps, Useberry is establishing a network of publishers of app for smartphones and websites (from now on “Publishers”) who will distribute User Tests to their audience for a compensation, in a similar way they are distributing video ads.
The Researcher sets the targeting criteria and Useberry distributes the User Tests to the audience segments which meet the targeting criteria set by the Researcher. In order to identify eligible Testers whose profile meets the targeting criteria, Useberry has built and operates its proprietary Database, which consists of Data of members of the audience which may be eligible for a User Test. Useberry distributes the User Tests created by the Researcher, collects the Tester’s responses and provides the Researcher with results (the “Results”) which consist of: (a) statistics, analytics, heatmaps, timespan analysis, conversion funnels and user flows.(b) The Researcher’s User Tests questions and the responses to such questions (the “Researcher Survey”).
3) CHARGES & PAYMENTS
Researchers using standard Services provided through our website platform are charged per completed User Test participation received or by monthly subscription plan. However, a Researcher may request from Useberry more specialized User Test-Services. In the latter case, different charges may apply according to a special agreement, negotiated and concluded between Researcher and Useberry; the amount owed depends on several criteria. Additional representation types for data collected maybe charged differently.
The fees corresponding to the use of standard services are indicated on our website. Such fees must be prepaid when requesting the User Test. VAT, if available, may be added to the fees mentioned in the price list, depending on your location.
Researchers pay only per completed User Test response they receive or, in case of special agreements according to the agreed terms. More specifically, if you want to conduct a more specialized User Test the fees shall be agreed upon between Useberry and Researcher, and a special contract shall be negotiated and concluded between the parties. In the event that such complicated and specialized research is not fully accomplished, you will receive a partial refund equaling the pre-paid value of any non-delivered User Tests.
Invoices are available through the Useberry Dashboard. Please make sure that you have registered your current email. You will also be asked at a later registration stage to submit your VAT number, if you have one, according to your legislation.
If, for any reason, you dispute the transactions related to Useberry services, you must notify Useberry immediately in writing.
Useberry is entitled to terminate the agreement if you do not pay the relevant costs/fees on time and/or any extra costs (including taxes, such as VAT).
Useberry reserves the right to change the rates and charge differently for its Services. These changes will not affect the Researcher who has already paid fees for a User Test.
The fee (as indicated on our website) must be paid via credit card or debit card or prepaid card. You may only order User Test if you are considered capable of entering into an enforceable contract in the applicable jurisdiction. You agree to pay in full the prices for the User Test that you have ordered either by credit/debit card concurrently with your online order or by other payment means acceptable to Useberry. If payment is not received by us from your credit or debit card issuer or its agents, you agree to pay all amounts due upon demand by us.
You are solely responsible for the payment of any banking and transaction costs. Any additional credit or debit charges that may incur due to the transaction will be paid by you and not by Useberry.
In order to secure the payments through your credit cards, Useberry collaborates with certified payment service providers operating according to the provisions of the applicable legislation.
In order for the payment to be accomplished, you are directed to a secure page of the collaborating payment service provider which is linked to Useberry website. There you register your card details, i.e. the full name of the owner of the card, the card number, the expiry date (month and year) of the card, the security code (verifying the authenticity of the card) imprinted in the appropriate space of the card reserved for the signature of the holder (CVV / VISA or CVC / MC), in order to check the validity of the cards and safely carry out the transaction.
Useberry does not store in any way the data inserted by you in relation to the number of the card or the card security code verifying the authenticity of the card (for Useberry CVV/VISA or CVC/MC). The payment service provider collaborating with Useberry controls the data inserted and informs electronically Useberry, for the approval or the rejection of the transaction.
In case a transaction is rejected, irrespectively of the reason of the rejection (which could be for example default on overdraft, failure of the system of the payment service provider or of the Bank issuing the card) you must ensure the payment, otherwise Useberry is entitled to block your access to the platform.
4) ACCEPTANCE & MODIFICATIONS OF TERMS OF SERVICE
In order to access the Useberry Service you are requested to accept and conform to the present terms of Service Agreement (“the Researchers’ ToS”, “these ToS” or “This Agreement”) otherwise you will not have access to our Services. Useberry reserves the right to modify the terms and conditions of the present Researchers’ ToS. You are responsible for ensuring that you will regularly review the Researchers’ ToS. If you choose to continue using Useberry Services after any modifications to the present terms are made, you will be considered to have fully and unconditionally accepted the aforementioned modifications to this Agreement.
In order to use Useberry you have to complete the registration process by providing all the necessary information requested at the registration form, including email, password, or any other information requested by us. You agree to provide only true and accurate information. You further acknowledge that you will control your account and that you are liable for any unlawful act occurring under your account. You are responsible for maintaining the confidentiality of your password or account information, and for restricting access to your device (computer, smartphone etc) so that others may not access any password protected portion of the Website or other Properties and Services using your name, username, or password in whole or in part. You further take full responsibility for all actions and activities performed through your account. You should inform Useberry for any unauthorized use of your account or any breach of security. Useberry staff may login to your account from time to time for maintenance or assistance purposes.
6)WARRANTIES AND OBLIGATIONS
In order to be entitled to use or continue to use our services, you acknowledge and you agree that you meet the following conditions:
Subject to the Terms and Conditions described in this ToS, Useberry grants to Researcher a non-exclusive, worldwide, fee-bearing, non-assignable license to access and use the Useberry Platform.
8) OWNERSHIP OF RESULTS
Researcher shall be the exclusive owner of all Results as defined in Section B of this Agreement. For clarity, Researcher shall also be the exclusive owner of any User Test strategy as created and implemented by Researcher and all Intellectual Property Rights thereof.
Limited License to use the Researcher Results. Researcher grants to Useberry a perpetual, worldwide, non-revocable, non-exclusive license to access and use the “Results” solely for the following purposes and under the following limitations:
Ownership and Licensing of Existing Useberry Database Data. Useberry is and shall remain the sole proprietor of all “Existing Useberry-Database Data” furnished to Researcher as portion of the Results. Useberry grants Researcher a perpetual, worldwide, non-revocable, non-exclusive license to access, use, modify, copy, distribute, create derivatives, display, perform and adapt the “Existing Useberry-Database Data”.
9) PERSONAL DATA SECURITY
9.1 Definitions. As used in this Section 9, (a) “Personal Data” shall mean any data falling within the definition of “personal data” under Directive 95/46/EC of the European Parliament and of the Council (“Directive”) or any replacement legislation, as applicable, including the General Data Protection Regulation 2016/679 (“GDPR”). (b) “Researcher Personal Data” shall mean any Personal Data, not previously existing in Useberry Databases which is provided to Useberry by the Researcher Client and is processed by Useberry, on behalf of the Researcher Client. (c) “Personal Data Deliverables” shall mean any portion of Results delivered/licensed to Researcher under this ToS which may consist of Personal Data, including the “Existing Useberry Database Data”. (d) “Special Categories of Data” shall mean the Data defined in Article of the General Data Protection Regulation 2016/679 (“GDPR”).
9.2 Processing of Researcher Personal Data; Applicability. Unless otherwise agreed in writing between the parties Useberry shall not receive from Researcher any Researcher Personal Data whatsoever other than the Registration Data. Useberry shall process the Registration Data according to Section 17 of this Agreement.
9.3 Processing of Personal Data Deliverables by Researcher.
GDPR compliance. Researcher shall be deemed Controller of the Personal Data Deliverables, including the Existing Useberry Database Data for all processing operations pertaining to the licensed use of such Data. Researcher Client agrees and warranties that all such processing operations of which Researcher Client is Controller shall be lawful and compliant with the provisions of the General Data Protection Regulation 2016/679 (“GDPR”) (even if not applicable directly by Law, to the Researcher’s business), or with the EU-US/SWISS-US privacy shield principles and all and any further Personal Data Legislation which may be applicable to Researcher’s business. You hereby agree and warrant that any personal data which may be shared with you by Useberry shall not be processed by You in a way that may be illegal or may run contrary to the aforementioned Data Protection and Privacy Legislation.
Useberry shall be deemed Controller of the Existing Useberry Database Data for all processing operations pertaining to the use and exploitation of such Data by Useberry, including the collection, storage and processing of such Data for all lawful commercial and other uses. Useberry is and shall remain compliant with the General Data Protection Regulation 2016/679 (“GDPR”) and any other Personal Data Legislation which may be applicable to Useberry’s business.
For clarity, each Party will be deemed a separate Controller of the Data it processes under its capacity as Controller and the parties are not joint controllers in respect of the aforementioned processing operations.
If and to the extent that the provision of any services set forth in this Agreement may be deemed to include processing of Personal Data on behalf of the Researcher by Useberry, the Data Processing Addendum to this ToS shall apply. The Data Processing Addendum forms and indispensable part of this ToS.
Compliance with further rules. All processing operations on the Personal Data Deliverables by the Researcher will also comply with the following rules, if and where applicable to Researcher’s operations: (a) all United States Federal Trade Commission (“FTC”) rules and guidelines regarding the collection, use or disclosure of information from or about a unique user of a website, application or mobile website and/or the device associated with such user; (b) the Self-Regulatory Principles of the Digital Advertising Alliance (“DAA”), currently available at http://www.aboutads.info/principles, as each set of principles may be amended from time to time by the DAA or any successor entity to the DAA, and all interpretations of the DAA’s Self-Regulatory Principles, whether by the DAA itself or by the Council of Better Business Bureaus in an accountability proceeding or otherwise; (c) the Code of Conduct of the Network Advertising Initiative (“NAI”), currently available at http://www.networkadvertising.org/code-enforcement/code, as the Code may be amended from time to time by the NAI or any successor entity to the NAI, and all interpretations of the NAI’s Code of Conduct by the NAI itself or any successor entity to the NAI; (e) the Principles of the European Interactive Digital Alliance (“EDAA”), currently available at http://www.edaa.eu/european-principles/, as each set of principles may be amended from time to time by the EDAA or any successor entity to the EDAA.
(f) any other relevant FTC, NAI or DAA code, principles or other guidance relating to the collection and use of data or serving of advertising or other Targeted content in the mobile environment.
Useberry reserves the right to terminate this Agreement at any time, for convenience with 30 days prior notice. In case of breach of this Agreement by the Researcher, Useberry can immediately terminate this Agreement without notice.
The rights, duties and responsibilities of the Parties shall continue in full force and effect until the effective date of any termination or expiration of this Agreement, as applicable. Upon termination or expiration of this Agreement: (a) Researcher will pay Useberry any undisputed Fees and Expenses for Services delivered prior to the effective date of any termination or expiration of this Agreement; (b) Useberry shall immediately deliver to Researcher Client all due Deliverables (c) Useberry Client shall desist from any further use of the Services (d) at each party’s request, the other Party shall be obliged at its own expenses to return to the other Party any Confidential Information of such Party.
Sections 8, 9.3, 12,13, 14, 15 and 18 shall survive termination of this Agreement.
You hereby indemnify and hold Useberry harmless and agree to defend against any third party claim or action brought against Useberry or any of its parent, subsidiary or affiliated companies, from and against any and all claims, actions, losses, liabilities, damages, costs and expenses (including legal fees and costs) arising out of or in connection with any claim(s) regarding the: (a) breach of any warranty, representation, covenant or agreement made by you in this Agreement; b) misuse of Useberry service; c) violation of any third party rights; and d) violation of all and any applicable laws or regulations.
Useberry hereby indemnifies and holds you harmless and agrees to defend against any third party claim or action brought against you or any of your parent, subsidiary or affiliated companies, employees, representatives, directors, and officers from and against any and all claims, actions, losses, liabilities, damages, costs and expenses (including legal fees and costs) arising out of or in connection with any claim(s) regarding the: (a) breach of any warranty, representation, covenant or agreement made by Useberry in this Agreement; b) infringement of any intellectual right of a third party; and c) violation of all and any applicable laws or regulations.
The indemnified party must (a) promptly notify the indemnifying party in writing of any third-party claim (provided that a failure to promptly notify will not relieve the indemnifying party of its indemnification obligations, except to the extent it has been prejudiced by such failure); (b) reasonably cooperate with the indemnifying party in the defense of the matter; and (c) give the indemnifying party primary control of the defense of the matter and negotiations for its settlement, at its own expenses. The indemnified party may, at its own expense, join in the defense with counsel of its choice. The indemnifying party may not enter into a settlement unless it has obtained the written consent of the indemnified party (not to be unreasonably withheld).
Without limitation of anything else set forth in the present agreement you understand and agree that Useberry further limits its liability in connection with your use of its properties as set forth:
Useberry Properties, including, without limitation, all Content, Useberry SDK, the site, the Platform, the panel, the service and the functions made available on or accessed through or sent from the website, are provided “AS IS,” “as available, ” and “with all faults” without warranties implied or statutory including without limitation warranties of merchantability, fitness for a particular use and non-infringement. Useberry and its parents, subsidiaries and affiliates make no representation or warranties or endorsements of any kind whatsoever (express or implied) about:
Useberry is trying to build the best service for its users, however, it cannot guarantee the uninterrupted or error-free function of the Useberry SDK, site, platform, panel, service and functions or that the defects will be corrected or that it will be free of viruses. Therefore Useberry does not warrant that the Useberry SDK, site, platform, panel, service, functions contained therein are or will be uninterrupted, error-free, accurate, complete or current, that defects will be corrected; or that the Properties or the servers that make them available are free of viruses or other harmful components.
Useberry is not responsible for any technical issues in relation to any telecommunications or internet network (including in relation to speed or bandwidth), including any injury or damage to entrant’s or any other person’s device related to or resulting from the participation, access or downloading any materials in a Useberry User Test.
Useberry makes it best efforts to check the content of the User Tests created by the interested person/entity that commands/orders the User Test, for compliance with standing legislation, but cannot guarantee such compliance and cannot be held liable for any misuse of the Service by the Researcher.
Useberry is not responsible and cannot be held liable for any non-compliance of the application (where Useberry SDK is integrated), with Google Android and Apple iOS Policies or for the application’s breach of standing legislation. Useberry reserves the right to withdraw the questionnaire in case its content does not respect the standing legislation or the terms of this Agreement.
Useberry reserves the right to reject User Tests either in the review phase or during the lifecycle of User Test, for several reasons including but not limited to low incident rate, asking multiple questions in one, asking simplified YES/NO Screenings and others. Successful payment does not guarantee neither User Test Approval nor User Test Distribution. Useberry reserves the right to terminate at any time User Tests with low incident rate and issue a partial refund.
Useberry reserves its right to terminate at any time your use of its Services, in case of any breach of the present agreement which may impose liability upon Useberry.
13) LIMITATION OF LIABILITY
TO THE FULLEST EXTENT PERMITTED BY LAW AND EXCLUDING EITHER PARTY’S FAILURE TO COMPLY WITH PRIVACY LAWS, EACH PARTY’S INDEMNIFICATION OBLIGATIONS UNDER THE AGREEMENT; AND/OR A PARTY’S BREACH OF ITS CONFIDENTIALITY OBLIGATIONS (COLLECTIVELY, “EXCLUDED DAMAGES”): (A) NEITHER PARTY MAY BE HELD LIABLE UNDER THIS AGREEMENT OR ARISING OUT OF OR RELATED TO PERFORMANCE OF THIS AGREEMENT FOR ANY INDIRECT, INCIDENTAL, CONSEQUENTIAL, SPECIAL, PUNITIVE OR EXEMPLARY DAMAGES, EVEN IF THE PARTY IS AWARE OR SHOULD HAVE KNOWN THAT SUCH DAMAGES WERE POSSIBLE; AND (B) EACH PARTY’S MAXIMUM AGGREGATE LIABILITY ARISING OUT OF OR RELATED TO BREACH OF THIS AGREEMENT WILL NOT EXCEED THE AGGREGATE TOTAL AMOUNT OF FEES PAID OR PAYABLE TO US FROM YOU WITH RESPECT TO SUCH SERVICE DURING THE TWELVE (12) MONTHS PRIOR TO THE DATE SUCH LIABILITY AROSE.
14.1 Definitions. As used in this ToS Agreement,
(a) “Confidential Information” means any proprietary information, including third party information, disclosed, in whatever tangible form or medium, to the other party, irrespective of whether it is clearly marked “confidential” (or with some other proprietary notice or not) and (ii) all information disclosed orally or otherwise in intangible form by the disclosing party. Confidential information shall not include any part of such information which: i) Is in or comes into the public domain in any way without breach of this Agreement by the Receiving party; ii) Has been independently developed by the Receiving Party without recourse to the Confidential Information; iii) The Receiving Party obtains or has available from a source other than the Disclosing Party without breach by the Receiving Party of any confidentiality or non-disclosure Agreement; put in force between the Receiving Party and this third source; and/or without breach by this third source, of any confidentiality or non-disclosure Agreement put in force between such third source and the Disclosing Party; iv) Is disclosed by the Receiving Party with the prior written approval of the Disclosing Party. For clarity, the Researcher Results (excluding the “Derived General Tagging Data), as well as all and any contact data of Researcher Client employees or representatives provided voluntarily by the Researcher Client for the commercial, legal, technical or other communications under this Agreement, shall be treated by Useberry as Researcher Client’s Confidential Information. (b) “Disclosing Party” means and refers to either party and all its associate companies, associates, employees, officers, servants, agents or professional advisors (including, without limitation, legal counsel, accountants, consultants, bankers and financial advisors), acting on behalf of such party (“hereinafter referred to, collectively, as “Representatives”), where and whenever such party discloses confidential information to the other party. (c) “Receiving Party” means refers to either party and all its associate companies, associates, employees, officers, servants, agents or professional advisors (including, without limitation, legal counsel, accountants, consultants, bankers and financial advisors), acting on behalf of the Receiving Party (“hereinafter referred to, collectively, as “Representatives”) where and whenever such party receives information from the other party.
14.2 Use of Confidential Information. The Confidential Information will be kept strictly confidential and shall not, without prior written consent, be, whether orally or in writing or by any other means, disclosed, divulged, provided or made accessible to any other person (the term “person/s” as used in this Agreement being broadly interpreted to include, without limitation, any corporation, company, partnership and individual as well), either directly or indirectly by the Receiving party or by its agents, representatives, officers, directors, partners, employees or advisors (including, without limitation, legal counsel, accountants, consultants, bankers and financial advisors), in any manner whatsoever, in whole or in part, and shall not be used by the Receiving party or its Representatives, for any purpose whatsoever other than for the performance of this Agreement (the “Purpose”). The Receiving party shall disclose the Confidential Information only to such of its directors, employees or representatives as they may need to know the Confidential Information for the Purpose. The Receiving party shall treat the Confidential Information with the same degree of care and with sufficient protection from unauthorised disclosure as the Receiving Party uses to maintain its own confidential or proprietary information. The Receiving party shall ensure that anyone to whom the Receiving party discloses the information complies with this Agreement as if they were the Receiving Party and that they enter into a Confidentiality Agreement with the Receiving party (or directly with the Disclosing party, if the latter so requests) on terms no less protective than those contained in this Agreement. Every party and its Representatives will take all necessary organisational and technical measures to ensure that all Confidential Information is properly safeguarded. In the event that the Receiving Party is required by law, Public Authorities or court order to disclose any Confidential Information to any third party, it shall use its best endeavours: (i) To inform the Disclosing Party of the full circumstances of the disclosure and the Confidential Information to be disclosed (ii) To consult with the Disclosing Party with the aim of taking all possible steps to avoid or limit disclosure and taking those steps where they would not result in significant adverse consequences to the Disclosing Party (iii) To gain assurances in relation to confidentiality from the body to whom the information shall be disclosed (iv) To limit the disclosure and provide only the absolutely necessary Confidential Information as requested by the Competent Authorities, provided, however that any such disclosed information will remain subject to this Confidentiality Agreement.
14.3 Survival. The Parties’ confidentiality obligations under this Section 14 shall survive for 5 years following any termination or expiration of this Agreement, provided that confidentiality obligations with respect to Confidential Information constituting trade secrets shall continue for as long as such Confidential Information shall be eligible for trade secret protection.
15) INTELLECTUAL PROPERTY RIGHTS
The past, present and future content of the Properties, including without limitation, copyright works and all intellectual property rights (including Industrial Property rights) such as software, logos, trademarks domain names, designs, graphics, pictures, photos, texts, newsletters, etc and any and all copyright material and all other intellectual property right and/or materials related to the Properties (collectively “Content”) are the sole property of Useberry. Except as stated herein, no rights in or to the Content and/or to the Properties are granted to you.
16) PRESERVING CONFIDENTIALITY OF USER TESTS
Useberry understands that User Tests distributed may include sensitive or confidential information about the Researcher’s business and operations (e.g. launching of a new product, marketing strategies etc as such information may be revealed directly or indirectly through the contents of a certain User Test), which the Researcher does not want to be made public or become accessible to competitors. Useberry cannot guarantee that the Testers will treat such information as confidential and that they will desist from divulging or reproducing it. Therefore, in case your User Test contains confidential information you wish to protect, we advise you to draft your User Tests accordingly. Here are some indicative steps you could follow, in order to reduce aforementioned risks:
(a) You could consider not using any mark, name, logo or other sign which may identify your Company,
(b) You could use an alternate-test name for the product related to your User Test.
Please note that experience has proven that “confidentiality notifications” presented to the Tester at the end of User Tests usually has the opposite effect than the one expected, since Testers seem to share information flagged as “confidential”, more often than they do with information which is not directly identifiable as confidential or sensitive.
Useberry is GDPR compliant. Useberry complies with the above legislation and rules, in its capacity as Controller as well as in its capacity as Processor of personal data, as the case may be.
GDPR is the new EU regulation for protection of personal data and marks a new era in data protection, being the most significant piece of privacy legislation in Europe in the last twenty years. It replaces the 1995 EU Data Protection Directive (European Directive 95/46/EC), strengthening the rights of EU citizens over their data and creating a uniform data protection law across Europe. See the full GDPR guidelines here: https://www.eugdpr.org/.
Useberry processes Personal Data in accordance with the GDPR requirements directly applicable to Useberry’s provision of its services, which shall come into force on 25 May 2018. In particular, Useberry processes personal data only in accordance with GDPR data protection principles and GDPR data protection provisions. Useberry also implements appropriate technical and organisational measures and demonstrates compliance and ensures that both in the planning and implementation of processing activities, data protection principles and appropriate safeguards are addressed and implemented (data protection by design and default).
You can make specific requests concerning your personal data to verify if you are comfortable with the information you provide us. We require you to send an email to email@example.com (from the email account used when signing up to Useberry) as we need to verify your identity. Copy the request you have from the list below onto your email’s Subject field and we will take care of the rest.
17.2 WHAT DATA WE COLLECT AND HOW WE USE THEM
Useberry only collects Registration data about you. If and to the extent that, under a special agreement in writing, you provide Useberry with any Researcher Personal Data, this Section to these ToS will also apply for the processing of such Data.
Your registration information is kept securely and not disclosed to any third party for any reason. Your registration information data may be used for contacting you occasionally (for platform announcements, account activation etc.). We may work with third-party service providers to provide maintenance services, data analysis, service hosting, and other services for us. These third parties may have access to or process your personal information as part of providing their contracted services to us. We require the aforementioned third-parties to agree to only use the personal information we provide them only for the purpose for which it was provided and to agree and warranty that all the processing operations in which they engage shall be lawful and compliant with the provisions of the GDPR (even if not applicable directly by Law to their business) and/or the EU-US/SWISS-US Privacy Shield, and any other Data Protection Legislation which may be applicable to their business. In particular, we require that they provide, in particular in terms of expert knowledge, reliability and resources, sufficient guarantees to implement appropriate technical and organisational measures in such a manner that processing will meet the requirements of the GDPR and/or the EU-US/SWISS-US Privacy Shield and ensure the protection of the rights of the data subject.
We may disclose your information, if required to do so by law or in the good-faith belief that such action is necessary to comply with state and federal laws in response to a court order, judicial or other government subpoena or warrant, or to otherwise cooperate with law enforcement activity or other legal process.
We also reserve the right to disclose your information, including personal information, as we believe, in good faith, if it is appropriate or necessary to take precautions against liability; to protect Useberry and others from fraudulent, abusive, or unlawful uses or activity; to investigate and defend ourselves against any claims or allegations; to assist government enforcement agencies; to protect the security or integrity of the Service and our other property; or to protect the rights, property, or safety of us, our users, or other persons or entities.
Useberry cooperates with reliable cloud hosting service providers. Useberry cooperates with such cloud hosting providers who are either located within the E.U. (and therefore are obliged to comply with all EU Data Protection Laws and Regulations) or may be located in the US. In the latter case, US located cloud hosting providers are selected by Useberry, on grounds of US providers being certified members of the U.S. – EU Privacy Shield companies (https://www.privacyshield.gov/list).
Finally, we use commercially reasonable physical, managerial, and technical safeguards in an effort to preserve the integrity and security of your personal information. All data and responses are transferred via HTTPS/SSL secure channels to ensure the secure exchange of data between the users’ devices and Useberry servers. We cannot, however, ensure or warrant the security of any information you transmit to us, and you do so at your own risk. Once we receive your transmission of personal information, we make commercially reasonable efforts to ensure the security of our systems. Please be aware, however, that this is not a guarantee that such personal information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards. If we learn of a security systems breach, then we will attempt to notify you electronically so that you can take appropriate protective steps. We shall post a notice through the Service if a security breach occurs and we shall notify the personal data breach to the supervisory authority without undue delay and, where feasible, not later than 72 hours after having become aware of it, in case the personal data breach is likely to result in a risk to the rights and freedoms of natural persons.
Useberry takes all necessary action to comply with COPPA and protect the rights and safety of Minors. By minors we mean individuals under the age of majority in their residence. We make efforts to exclude Minors from any collection of data and therefore we delete any information and data that has come to our attention that is related with Minors without any notice.
17.3 YOUR PRIVACY RIGHTS
In your capacity as a data subject whose data is collected and processed by Useberry, we inform you that you have the rights provided to you under the GDPR and, in particular, you have (a) the right to withdraw your consent at any time and without detriment, without affecting the lawfulness of processing based on consent before its withdrawal, by notifying such withdrawal to us via email with the subject “Data processing consent withdrawal” at the following email address firstname.lastname@example.org ; (b) the right to request from Useberry access to and rectification or erasure of personal data or restriction of processing concerning you and to object to processing as well as the right to data portability; (c) the right to receive notification regarding rectification or erasure of your personal data or restriction of processing that is takes place following your request; (d) the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, and (e) to lodge a complaint with a supervisory authority.
17.4 CONTACT INFO/REPRESENTATIVE IN THE EU/DATA PROTECTION OFFICER
Please contact us with any questions or comments about this Policy, your personal information, our third-party disclosure practices, or your consent choices by email: email@example.com.
Useberry designates as its representative in the EU, who acts on Useberry’s behalf and who may be addressed by any supervisory authority and be subject to enforcement proceedings in the event of non-compliance with the GDPR by Useberry, Mr Thodoris Tokis, who can be contacted at the following address: firstname.lastname@example.org. Useberry remains fully liable under the GDPR. Useberry appoints as a Data Protection Officer Thodoris Tokis, who can be contacted at the following address: email@example.com.
18) GOVERNING LAW & MISCELLANEOUS
19) CHANGES AND UPDATES TO THIS POLICY
Useberry reserves the right to modify the terms and conditions of the present Agreement or alter or end its Services at any time at its sole discretion. You are responsible for ensuring that you will regularly review the present Agreement. If you choose to continue using Useberry Services after any modifications to the present terms are made, you will be considered to have fully and unconditionally accepted the aforementioned modifications to this Agreement.
20) DATA PROCESSING ADDENDUM
This Data Processing Addendum (“DPA”) forms indispensable part of the Useberry ToS Agreement.
If and to the extent that Useberry shall be deemed Processor of any Researcher Client Personal Data delivered by Researcher Client to Useberry in the course of this Agreement, and if and to the extent that any Service provided by Useberry in the course of this Agreement may be deemed or be may be interpreted to include processing of Data on behalf of the Researcher Client, this Data Processing Addendum shall apply.
20.1 DEFINITIONS AND INTERPRETATION
In this Agreement the following words and phrases shall have the following meanings, unless inconsistent with the context or as otherwise specified: “personal data” shall mean any information relating to a natural person (“data subject”) from which, directly or indirectly, the said natural person is or can be identified (his identity is verified); “processing of personal data” shall mean any operation or set of operations which is performed by the Processor on behalf of the Controller, which takes place with or without automated means, on personal data or on sets of personal data, collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;“sub-processing” shall mean the process by which either party arranges for a third party to carry out its obligations under this Agreement and “Sub Contractor” shall mean the party to whom the obligations are subcontracted; “Technical and organisational security measures” shall mean means those measures aimed at protecting personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, and “Instruction” shall means the documented instructions offered by the Controller to the Processor and instruct the latter to perform specific actions regarding personal data. These instructions are initially specified in the MSA and ToS and may from time to time be modified, strengthened or replaced by the controller with separate documented instructions from the controller (personalised instructions).
20.2 SECURITY OBLIGATIONS OF THE PROCESSOR
(A) The Processor shall only carry out those actions in respect of the personal data processed on behalf of the Controller as are expressly authorised by the Controller. Processor shall immediately inform Controller if, in its opinion, an instruction infringes GDPR. (B) Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to that risk, including, as appropriate, the measures referred to in Article 32(1) of the GDPR. In assessing the appropriate level of security, Processor shall take account in particular of the risks that are presented by Processing, in particular from a Personal Data Breach.
(A) The Processor agrees that it shall maintain the personal data processed by the Processor on behalf of the Controller in confidence. In particular, the Processor agrees that, save with the prior written consent of the Controller, it shall not disclose any personal data supplied to the Processor by, for, or on behalf of, the Controller to any third party. (B) The Processor shall not make any use of any personal data supplied to it by the Controller otherwise than in connection with the provision of services to the Controller. (C) The obligations in clauses 20.4.A and 20.4.B above shall continue for a period of five years after the cessation of the provision of services by the Processor to the Controller. (D) Nothing in this agreement shall prevent either party from complying with any legal obligation imposed by a regulator or court. Both parties shall however, where possible, discuss together the appropriate response to any request from a regulator or court for disclosure of information.
(A) The Processor shall not appoint a sub-processor and shall not subcontract any of its rights or obligations under this Agreement without the prior written consent of the Controller. (B) Where the Processor, with the consent of the Controller, appoints a sub-processor and sub-contracts its obligations under this agreement it shall do so only by way of a written agreement with the sub-processor which imposes the same obligations in relation to the security of the processing on the sub-processor as are imposed on the Processor under this Agreement. (C) For the avoidance of doubt, where the sub-processor fails to fulfil its obligations under any sub-processing agreement, the Processor shall remain fully liable to the Controller for the fulfilment of its obligations under this Agreement.
20.5 DATA-SUBJECT RIGHTS
Taking into account the nature of the processing, the Processors shall assist the Controller by implementing appropriate technical and technological measures, insofar as possible, for the fulfillment of the Controller’s obligations to respond to requests to exercise Data Subject rights under the GDPR. Processors shall promptly notify Controller in case it receives a request from a Data Subject under GDPR in respect of personal data. Processor shall not respond to such request except on the documented instructions of Controller or as required by applicable laws to which Processor is subject, in which case Processor shall inform Controller of that legal requirement before Processor responds to Data Subject’s request.
20.6 INTERNATIONAL TRANSFER
Any processing of Data outside the territory of the European Economic Area shall require the prior written consent of Controller and may only be carried out if all legal requirements under Applicable Data Protection Law for such processing are fulfilled. Such measures may include (without limitation) transferring the Data to a recipient in a country that the European Commission has decided provides adequate protection for personal data, to a recipient that has achieved binding corporate rules authorisation in accordance with Applicable Data Protection Law, or to a recipient that has executed standard contractual clauses adopted or approved by the European Commission.
20.7 PERSONAL DATA BREACH, DATA PROTECTION IMPACT ASSESSMENT AND PRIOR CONSULTATION
(A) Processor shall notify Controller without undue delay upon it becoming aware of a Personal Data Breach, providing Controller with sufficient information to allow it to meet any obligations to report or inform Data Subjects of the Personal Data Breach. Processor shall cooperate with Controller and take such reasonable commercial steps as are directed by Controller to assist in the investigation, mitigation and remediation of each such Personal Data Breach. (B) Processor shall provide reasonable assistance to Controller with any data protection impact assessments, and prior consultations with Supervising Authorities or other competent data privacy authorities.
20.8 RECORDS OF PROCESSING ACTIVITIES, DELETION OR RETURN OF DATA & AUDIT RIGHTS
(A) Processor shall appoint persons responsible for the protection of personal data as required by the applicable legislation, keep records of the processing activities under his / her responsibility, cooperate with the competent authorities and set at their disposal such records so that it can use them to monitor the processing operations in question. (B) At the choice of the Controller and based on his instructions, Processor, after the end of the provision of services relating to processing, shall (a) comply with any other agreement made between the parties concerning the return or destruction of data, or (b) return all personal data passed to the Processor by the Controller for processing, or (c) on receipt of instructions from the Controller, destroy all such data unless prohibited from doing so by any applicable law. (C) Processor shall make available to Controller all information necessary to demonstrate compliance with the obligations laid down in this Article and allow for and contribute to audits, including inspections, conducted by the controller or another auditor mandated by the Controller.
20.9 TERM AND TERMINATION
This Agreement shall continue in full force and effect for so long as the Processor is processing personal data on behalf of the Controller.
20.10 GOVERNING LAW
This Agreement shall be governed by and construed in accordance with the national law of the country in which the Controller is established.
A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer’s hard drive.
The types of cookies we use are:
Last Updated: 01-09-2018