← Legal

RavenDB Cloud Terms of Use

1. General

Hibernating Rhinos Ltd, and its affiliates (“Hibernating Rhinos”, “us”, “we” or “our”) provide these Terms of Use (the “Terms”) to inform you of our policies and procedures regarding the use of our RavenDB Cloud managed cloud-based services, based on RavenDB Software and technology (including without limitation any programs, tools, components, upgrades, updates and all related applications and reports) (the “Services”) offered through https://ravendb.net, including any subdomain of this website or other websites owned by us or operated on our behalf (the “Site”), or any other third party’s website or service. Hibernating Rhinos and you may be referred to each individually herein as a “Party” and collectively as the “Parties”.

EACH AND ANY USE OF THE SERVICES IS SUBJECT TO, AND CONDITIONED UPON, ASSENT TO AND COMPLIANCE WITH THESE TERMS (AS SHALL BE AMENDED FROM TIME TO TIME BY POSTING AN AMENDED TERMS ON THE SITE). BY USING THE SERVICES AND/OR COMPLETING THE REGISTRATION PROCESS, YOU SIGNIFY YOUR CONSENT TO BE BOUND BY THESE TERMS AND THAT YOU ARE OF LEGAL AGE TO FORM A BINDING CONTRACT. THESE TERMS IS BETWEEN US AND YOU, AN INDIVIDUAL OR AN INDIVIDUAL ACTING ON BEHALF OF A LEGAL ENTITY THAT WILL BE USING THE SERVICES. IF YOU DO NOT AGREE TO THESE TERMS YOU MUST NOT USE THE SITE OR THE SERVICES.

The term of These Terms commences on the earlier of (i) the date you start using the Services; or, (ii) the date you complete the registration process, and continues as long as you are using the Services and until your subscriptions expires or either party terminates these Terms earlier in accordance with this Section. Either party may terminate these Terms if the other party materially breaches these Terms and does not cure such breach within 14 days of a written notice.

Without derogating from the generality of the foregoing, we may terminate these Terms or suspend your account in any of the following events: (i) you or your affiliates have breached these Terms or any other agreement with Hibernating Rhinos; (ii) we have a reasonable basis to believe that you, your account, or any activity through use of your Personal Data is fraudulent; (iii) you and/or any communications and other activities through use of your Personal Data may expose us, our partners or any third party to liability; (iv) you have made an assignment for the benefit of creditors, you become a subject to liquidation, bankruptcy or any other similar procedure.

UPON TERMINATION FOR ANY REASON OR NO REASON, YOU CONTINUE TO BE BOUND BY THESE TERMS, WHILE ALL YOUR RIGHTS UNDER THESE TERMS IMMEDIATELY EXPIRE. UPON TERMINATION WE ARE NO MORE RESPONSIBLE FOR ANY OF YOUR DATA FILES, BACKUP FILES OR USAGE HISTORY WHICH ARE STORED BY US.

IF YOU INTEND TO USE ANY OF THE SERVICES, THESE TERMS SHOULD BE READ TOGETHER WITH OUR PRIVACY POLICY.

2. The Services

We provide online Services that host your data (“Customer’s Data”) on public cloud servers managed by us, commercially known as RavenDB Cloud. You may access and use the Services, including any content made available through the Services (“Content”), solely for your personal use or your internal business purposes, and only as long as you are in compliance with all of the provisions of these Terms.

You retain full ownership to Customer’s Data and we don’t claim any ownership to any of it. These Terms does not grant us any rights to Customer’s Data or your intellectual property, except for the limited rights that are needed to run the Services, as explained herein. We may need to make design choices to technically administer the Services, for example, how to replicate, store, scale, cluster, compress, decompress or backup Customer’s Data. You hereby give us full permissions to make any such design choice.

The Services are accessible only to registered members of the Site, and we are under no obligation to accept any person as a registered member. Minimum hardware and software requirements for use of the Services may be posted on the Site from time to time. However, we do not guarantee the access to or performance of the Services, even if you meet such minimum requirements. Occasionally, you may experience interrupted Services, delays or errors in the Services. This may be due to a number of reasons including, maintenance that we perform on the Site as well as reasons beyond our control. We will attempt to provide you with prior notice of any interruptions, delays or errors, but we cannot guarantee that such notice will be provided.

You acknowledge that we may, in our sole discretion and at any time(s), change or discontinue providing any part of the Services without prior notice, and establish or change limits concerning use of the Services without prior notice, including without limitation (i) the number of users that can access the Services or use the Services at any one time, (ii) the number of projects managed by theServices, and (iii) the number of times (and the maximum duration for which) you may access the Services in a given period of time. You may reject changes by discontinuing use of the Services. Your continued use of the Services will constitute your acceptance of and agreement to such changes.

We may, in our sole discretion and without notice or liability to you or any third party: (i) immediately suspend or terminate your account (if any) and block any and all current or future access to and use of the Site and the Services (or any portion thereof) without derogating from any other right or remedy that we may have by law, equity or otherwise; (ii) delete your usage history and your backup data files older than 12 months or, delete your entire usage history, data files and backup data files 2 weeks after you terminate using the Services, whichever is sooner. Without derogating from the above, any free instance which may be provided, which is inactive for more than 14 days will be closed and deleted.

You may use the Services for no charge (“Free Services”), provided that such usage is limited up to the resources designated at the Site and once you reached the maximum resources allocated for Free Services you will start to pay the applicable Subscription Fees. We reserve the right to discontinue the provision of the Free Services at any given time, without providing a prior notice to that effect.

3. Payments

In consideration to the Services we will charge you with a subscription fees applicable with the type of the Services you subscribe for on the Buy Page at the Site (“Subscription Fees”). Subscription Fees may be charged in accordance with the resources actually used by you.

In addition, subject to your purchase and payment of applicable fees we will provide certain consulting services (“Consulting Services”). Pricing for the Consulting Service will be provided to custom quote basis.

The pricing for the Subscription Fees can be found at the Site. We may modify the price, content, or nature of the Subscription Fees at any time. We may provide notice of any such changes by email, notice to you upon log-in, or by publishing them on the Site. We may change the fees and charges in effect or add new fees and charges from time to time, but we will give you advance notice of these changes by email.

By providing a credit card or other payment method accepted by us (“Payment Method”) for the Services, you are expressly agreeing that we are authorized to charge you the applicable fees at the then current rate, and any other charges you may incur in connection with your use of the Services to your elected Payment Method.

For all purchases, your Payment Method will be charged on a monthly basis or at the interval indicated in our fees and payment policies, if different.

If we do not receive payment from you through the Payment Method, you agree to pay all amounts due upon demand. If we have a reasonable basis to believe we won’t receive payment from you on the payment due date, you hereby give us an irrevocable permission to charge you earlier than that date. We reserve the right to take all necessary actions to collect amounts due from you, including but not limited to legal action and/or using third party collection agencies. Without derogating from the aforesaid, we reserve the right to discontinue the provision of the Services (including deletion of Customer's Data) to you for any late payments.

To the fullest extent permitted by law, refunds (if any) are at our sole discretion. Refunds shall be awarded only in the form of credit for future Services. No cash refunds will be awarded. Nothing in these Terms obligates us to extend credit to any party.

Charges are exclusive of taxes, including without limitation, value added and other similar taxes, which shall be added to each payment at the appropriate rate. Charges are solely based on our measurements of your use of the Services. Overdue payments shall be subject to a late charge of 1.5% per month.

4. Personal Data

Some functions of the Services may require you to provide certain personal information, including among others, name, company name, email address and telephone number (“Personal Data”). You agree to:

  • Provide true, accurate, current and complete Personal Data as prompted by the Services.
  • Maintain and promptly update the Personal Data to keep it accurate, current and complete.
  • Maintain the security and confidentiality of any usernames and passwords, and any other security or access information used by you to access the Site or Services.
  • Refrain from impersonating any person or entity or misrepresent your identity or affiliation with any person or entity, including using another person’s Personal Data.
  • Immediately notify us in writing if you become aware of any loss, theft or use by any other person or entity of any of your Personal Data in connection with the Site or the Services or any other breach of security that you become aware of involving or relating to the Site and Services.
  • Log out of any accounts you have created on the Site or with the Services at the end of each session.

You represent and warrant that your use in our Services comply with any applicable laws, including without limitation any applicable privacy protection laws. To the extent that your Personal Data relates to individuals who are in the European Union, our form of "Data Processing Addendum", which is attached hereto as Appendix A, applies and serves as an integral part of these Terms.

We assume, and you represent and warrant to us, that any communications and other activities through use of your Personal Data were sent or authorized by you, and you are fully responsible for all activities that occur under your Personal Data. We will not be liable for your losses caused by any unauthorized use of your Personal Data. We further do not assume any responsibility for any communications sent by you.

Without derogating from the foregoing, we reserve the right to reset any usernames and passwords if there has been any unauthorized access to, or use of, the Services using your Personal Data.

You declare that by providing Personal Data to us, you hereby consent to, us sending, and you receiving, by means of telephone, facsimile, SMS or e-mail, communications containing content of a commercial nature relating to the Site and Services. You acknowledge that we do not have to obtain your prior consent (whether written or oral) before sending such communications to you, provided that we shall immediately cease to send any such further communications should you notify us in writing that you do not wish to receive such commercial content anymore.

5. User Conduct

In connection with your use of the Services (including without limitation any information, data, images, feedback, material or ideas that you provide to us through the Services or the Site (each, a “Submission”), you agree (i) to abide by all applicable local, state, federal, national and international laws and regulations, and (ii) not, nor allow or facilitate a third party, to violate or infringe any rights (including without limitation copyrights, rights of publicity or privacy and trademarks) of others or our policies or the operational or security mechanisms of theServices. Without limiting the foregoing, you may:

  • Not use the Site, the Services or any of its Content (including without limitation any programming, images, photographs, graphics), to promote, conduct, or contribute to fraudulent, obscene, pornographic, inappropriate or illegal activities, including without limitation deceptive impersonation, in connection with contests, pyramid schemes, surveys, chain letters, junk e-mail, spamming or any duplicative or unsolicited messages (commercial or otherwise).
  • Not interfere with the access, use or enjoyment of the Services by others (including without limitation causing greater demand on the Services than is deemed by us reasonable); harass or defame others; or promote hatred towards any group of people.
  • Not alter, modify, delete, forge, frame, copy, publicly display, publicly perform, rent, sell, hyper-link, create derivative works or otherwise interfere with or in any manner disrupt, circumvent, or compromise, any part of the Site, the Services, any Content (including without limitation trademarks, Services marks and logos contained in the Site but excluding Content provide entirely by you). However, you may copy Content that is reasonably required for the intended purposes of the Site and the Services.
  • Not access or attempt to access any of our systems, programs or data that are not made available for public use or attempt to bypass any registration processes to the Services, security and traffic management devices, software or routines.
  • Not decompile, disassemble, reverse engineer or otherwise attempt to discover any source code or underlying ideas or algorithms of the Site or the Services except if and to the extent permitted by applicable law.
  • Not use any robot, spider, other automated device or any tool-bar, web-bar, other web-client, device, software, routine or manual process, to access the Services, make Submissions, monitor or scrap information from the Services, or bypass any of our robot exclusion request (either on headers or anywhere else on the Services), if any.
  • Not use any meta tags or any other “hidden text” utilizing any trademarks or intellectual property owned or licensed by us.

6. Privacy Policy

Certain information about you or collected on your behalf is subject to our Privacy Policy, presented in our Site (“Privacy Policy”). By accessing the Services, you consent to the collection and use of information as described in our Privacy Policy, as may be amended by us from time to time.

7. RavenDB Support Policy

RavenDB Support Policy as set forth at the Site, which may be updated or revised from time to time, are part of these Terms, as applicable to the Services.

8. Proprietary rights

We shall retain all right, title and interest, including without limitation all patents, copyrights, trade secrets, trademarks, and other intellectual property and proprietary rights in and to the Services and/or its technology, including any improvements, updates, upgrades, error-corrections or other modifications thereof, and any work products thereof. Except for the rights expressly granted to you to use the Services, these Terms do not grant you any rights to, or in, patents, copyrights, database rights, trade secrets, trade names, trademarks (whether registered or unregistered), or any other rights or licenses in respect of Hibernating Rhinos, its technology, its products and services (including the Services) and/or any documentation ancillary thereof.

Without derogating from the generality of the above, we shall be the sole and exclusive owner of all rights in connection with any and all ideas, inventions and/or improvements (whether patentable or not) conceived or derived or result from, or relate to, directly or indirectly, any feedback (written or oral) that you voluntarily choose to provide us regarding the Services and/or your experience while using the Services. You irrevocably assign to us any rights that you may have or acquire in such ideas, inventions and/or improvements, and you irrevocably waive any right you have or may have in the future to receive any payment, royalty or other consideration (of any kind) with respect to such ideas, inventions and/or improvements.

10. Disclaimer

The Site, the Services and any Content is provided on an “asis” and “as available” basis. WE EXPRESSLY DISCLAIM ALL WARRANTIES OF ANY KIND, WHETHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. WITHOUT LIMITING THE FOREGOING, WE MAKE NO WARRANTY THAT THIS SITE OR THE SERVICES WILL MEET YOUR REQUIREMENTS, OR WILL BE UNINTERRUPTED, TIMELY, SECURE, OR ERROR, BUG OR VIRUS FREE; NOR DO WE WARRANT OR MAKE ANY REPRESENTATIONS REGARDING THE USE OR THE RESULTS OF THE SITE, THE SERVICES OR THE CONTENT IN TERMS OF ITS CORRECTNESS, COMPLETENESS, AVAILABILITY, ACCURACY, RELIABILITY OR OTHERWISE. YOUR USE OF THE SITE AND CONTENT IS AT YOUR OWN DISCRETION AND RISK, AND YOU ARE SOLELY RESPONSIBLE FOR ANY RESULTING CONSEQUENCES.

11. No Liability

UNDER NO CIRCUMSTANCES WE SHALL BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (I) ARISING OUT OF THE USE OR THE INABILITY TO USE THE SITE, THE SERVICES OR CONTENT, (II) FOR COST OF PROCUREMENT OF SUBSTITUTE GOODS AND SERVICES, OR (III) RESULTING FROM ANY INACCURACIES OR ERRORS OF INFORMATION RECEIVED AS A RESULT OF USING THE SITE OR THE SERVICES; IN EACH CASE, INCLUDING BUT NOT LIMITED TO, DAMAGES FOR LOSS OF PROFITS, REPUTATION, GOODWILL, USE, DATA OR OTHER INTANGIBLE, EVEN IFWE HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, WHETHER BASED ON CONTRACT, TORT, NEGLIGENCE, STRICT LIABILITY OR OTHERWISE. WITHOUT DEROGATING FROM ANY OF THE FOREGOING, OUR TOTAL AGGREGATE LIABILITY IN CONNECTION WITH THE SITE, CONTENT, SERVICES OR THESE TERMS WILL BE LIMITED TO THE AMOUNT OF FEES ACTUALLY PAID BY YOU TO US DURING THE PRECEDING ONE MONTH, IF ANY. THE FOREGOING LIMITATIONS SHALL APPLY NOTWITHSTANDING ANY FAILURE OF ESSENTIAL PURPOSE OF ANY LIMITED REMEDY AND ARE FUNDAMENTAL ELEMENTS OF THE BARGAIN BETWEEN US AND YOU.

12. Indemnification

YOU RELEASE, AND AGREE, AT YOUR OWN EXPENSE, TO INDEMNIFY, DEFEND AND HOLD HARMLESS, OUR OFFICERS, DIRECTORS, EMPLOYEES, AGENTS AND AFFILIATES, FROM ALL LIABILITIES, CLAIMS, ALLEGED CLAIMS, LOSS AND DAMAGES (OF EVERY KIND, WHETHER KNOWN OR UNKNOWN AND SUSPECTED OR UNSUSPECTED), AND INCLUDING REASONABLE ATTORNEY’S FEES RELATED IN ANY WAY TO: (I) YOUR BREACH OF ANY TERM OR CONDITION OF THESE TERMS; (II) YOUR USE OF, RELIANCE ON OR ACCESS TO THE SITE, THE SERVICES OR THE CONTENT; (III) ANY USE, MISUSE, OR UNAUTHORIZED USE OF THE SITE OR THE SERVICES THROUGH YOUR PERSONAL DATA; (IV) ANY USE, MISUSE, OR UNAUTHORIZED USE THROUGH YOUR PERSONAL DATA WITH RESPECT TO VIOLATION OF THIRD PARTY RIGHTS; AND (V) YOUR CUSTOMER'S DATA. WE WILL PROVIDE YOU WITH WRITTEN NOTICE OF SUCH CLAIM, SUIT OR ACTION. YOU SHALL COOPERATE FULLY IN THE DEFENSE OF ANY CLAIM. WE RESERVE THE RIGHT, AT OUR OWN EXPENSE, TO ASSUME THE EXCLUSIVE DEFENSE AND CONTROL OF ANY MATTER SUBJECT TO INDEMNIFICATION BY YOU.

13. Infringement Notices and Takedown

If you believe that any material contained on Services infringes your copyright, you should notify us at support@ravendb.net.

Your notice should be in English and contain the following information: (a) a physical or electronic signature of a person authorized to act on behalf of the owner of the copyright interest that is allegedly infringed; (b) a description of such copyrighted work(s) and an identification of what material in such work(s) is claimed to be infringed; (c) a description of the exact name of the infringing work and the location of the infringing work on the Site; (d) information sufficient to permit us to contact you, such as your physical address, telephone number and e-mail address; (e) a statement by you that you have a good faith belief that the use of the material identified in the manner complained of is not authorized by the copyright owner, its agent, or the law; (f) a statement by you that the information in the notification is accurate and, under penalty of perjury that you are authorized to act on the copyright owner’s behalf.

We will only respond to any claims involving alleged copyright infringement. Notwithstanding this section, we reserve the right at any time and in our sole discretion, to remove content which in our sole judgment appears to infringe the intellectual property rights of another person.

14. Fair Usage

You may use the Services only for the purpose and the authorized usage set forth herein and only for as long as you are in compliance with all of the terms and conditions herein. Unfair usage and illegitimate use are expressly prohibited.

The following is a non-exhaustive list of practices that would be considered illegitimate use or unfair usage:

  1. use the Services in a manner that may be or become jeopardizing, malicious, misleading, inappropriate, improper or otherwise harmful;
  2. use any part of the Services for any illegal or unethical purposes;
  3. interfere with the ordinary use of the Services; and/or
  4. breach or otherwise circumvent any security or authentication measures;

You shall remain exclusively responsible for all acts or omissions in connection with Customer's Data that you create, edit, store, post, upload, distribute or transmit, while using the Services, or otherwise make available through the Services. You acknowledge, represent and warrant that we do not control or monitor, and are not responsible for Customer's Data that you may make available through the Services.

We, at our option, may terminate our relationship with you, or may suspend the Services immediately if we determine, at our sole discretion, you are using the Services for unfair usage or illegitimate use. Where reasonable, we will provide you with notice of improper usage before suspension or termination of the Services.

15. Governing Law and Jurisdiction

These Terms shall be governed by and construed in accordance with the State of Israel laws, without giving effect to its conflict of law principles. Disputes arising in connection with these Terms shall be subject to the exclusive jurisdiction of the applicable courts of Tel-Aviv, Israel.

16. Limitation of Claims

You agree that regardless of any statute or law to the contrary, any claim or cause of action arising out of or related to use of these Terms must be filed within one (1) year after such claim or cause of action arose or be forever barred.

17. Miscellaneous

If any part of these Terms is found to be invalid, unlawful or unenforceable, the offending part shall be amended or extracted from the remaining terms all of which shall remain in full force as permitted by law. These Terms, and any rights and licenses granted hereunder, may not be transferred or assigned by you, but may be assigned by us without restriction. These Terms and our rules and policies in the Site comprise the entire agreement between you and us, states our and our suppliers’ entire liability and your exclusive remedy with respect to the Site and the Services, and supersede all prior agreements pertaining to these Terms and such rules’ and policies’ subject matter. Any failure to exercise or enforce any right or provision of these Terms shall not constitute a waiver of such right or provision.

The section titles in these Terms are solely used for the convenience and have no legal or contractual significance. No waiver of any term of these Terms shall be deemed a further or continuing waiver of such term or any other term, and any failure to assert any right or provision under these Terms shall not constitute a waiver of such term. No provision of these Terms shall be construed against the owners of the site but rather shall be construed in a neutral and fair manner as terms entered into by a fully-informed party on a voluntary basis. All terms which by their nature should survive termination of agreement, shall survive such termination.

Appendix A

This Data Processing Agreement ("DPA") forms an integral part of, and is subject to and forms part of the RavenDB Cloud Terms of Use (the "Terms") by and between Hibernating Rhinos Ltd, and Affiliates (as defined below) ("Processor") and the customer whose details were provided in the "sign up" process ("Controller"). Capitalized terms not otherwise defined herein shall have the meaning given to them in the Terms.

  1. Definitions

    In addition to capitalized terms defined elsewhere in this DPA, the following terms shall have the meanings set forth below:

    1. "Affiliate" means any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity. "Control" for purposes of this definition means direct or indirect ownership or control of more than 50% of the voting interest in the subject entity.

    2. "Applicable Law" means Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) ("GDPR"), laws implementing or supplementing the GDPR.

    3. "Controller Personal Data" means any Personal Data Processed by Processor on behalf of Controller pursuant to or in connection with the Terms.

    4. "Data Protection Laws" means Applicable Law and, to the extent applicable, the data protection or privacy laws of any other applicable country where the Services are delivered.

    5. "Standard Contractual Clauses" means the standard contractual clauses for the transfer of Personal Data to data importers established in third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council, as set out in Commission Implementing Decision (EU) 2021/914 and available at: eur-lex.europa.eu

    6. "Sub Processor" means any person (excluding an employee of Processor or any Processor Affiliate) appointed by or on behalf of Processor or any Processor Affiliate to Process Controller Personal Data on behalf of the Controller in connection with the Terms.

    7. The terms "Controller", "Data Subject", "Personal Data", "Personal Data Breach", "Processor", "Processing" and "Supervisory Authority" shall have the meanings ascribed to them in the GDPR.

  2. Processing of Controller Personal Data

    1. Processor shall Process Controller Personal Data on Controller's behalf and at Controller's instructions as specified in the Terms and in this DPA, including without limitation with regard to transfers of Controller Personal Data to a third country or international organization. Any other Processing shall be permitted only in the event that such Processing is required by any Data Protection Laws to which the Processor is subject. In such event, Processor shall, unless prohibited by such Data Protection Laws on important grounds of public interest, inform Controller of that requirement before engaging in such Processing.

      1. Controller instructs Processor (and authorizes Processor to instruct each Sub Processor) (i) to Process Controller Personal Data for the provision of the services, as detailed in the Terms ("Services") and as otherwise set forth in the Terms and in this DPA, and/or as otherwise directed by Controller; and (ii) to transfer Controller Personal Data to any country or territory as reasonably necessary for the provision of the Services and in accordance with Applicable Law.

    2. Controller sets forth the details of the Processing of Controller Personal Data, as required by Article 28(3) of the GDPR in Schedule 1 (Details of Processing of Controller Personal Data), attached hereto.

    3. To the extent that the Processor uses Sub Processors in order to Process Personal Data in countries outside of the European Economic Area that do not provide an adequate level of data protection, as determined by the European Commission or other adequate authority as determined by the EU, it will enter into appropriate agreements with such Sub Processors, such as the Standard Contractual Clauses.

  3. Controller

    Controller represents and warrants that it has and shall maintain throughout the term of the Terms and this DPA, all necessary rights to provide the Controller Personal Data to Processor for the Processing to be performed in relation to the Services and in accordance with the Terms and this DPA. To the extent required by Data Protection Laws, Controller is responsible for obtaining any necessary Data Subject consents to the Processing, and for ensuring that a record of such consents is maintained throughout the term of the Terms and this DPA and/or as otherwise required under Data Protection Laws.

  4. Processor Employees

    Processor shall take reasonable steps to ensure that access to the Controller Personal Data is limited on a need to know and/or access basis and that all Processor employees receiving such access are subject to confidentiality undertakings or professional or statutory obligations of confidentiality in connection with their access to and use of Controller Personal Data.

  5. Security

    Processor shall implement appropriate technical and organizational measures to ensure an appropriate level of security of the Controller Personal Data as set forth in the Binding Security Document attached hereto as Schedule 2. In assessing the appropriate level of security, Processor shall take into account the risks that are presented by the nature of the Processing and the information available to the Processor.

  6. Personal Data Breach

    1. Processor shall notify Controller without undue delay and, where feasible, not later than within 48 (forty eight) hours upon Processor becoming aware of a Personal Data Breach affecting Controller Personal Data. In such event, Processor shall provide Controller with reasonable and available information to assist Controller in meeting any obligations to inform Data Subjects or Supervisory Authorities of the Personal Data Breach as required under Applicable Law.

    2. At the written request of the Controller, Processor shall reasonably cooperate with Controller and take such commercially reasonable steps as are agreed by the parties or required under Applicable Law to assist in the investigation, mitigation and remediation of any Personal Data Breach.

  7. Sub Processing

    1. Controller authorizes Processor to appoint (and permits each Sub Processor appointed in accordance with this Section 7 to appoint) Sub Processors in accordance with this Section 7.

    2. Processor may continue to use those Sub Processors already engaged by Processor as identified to Controller as of the date of this DPA.

      The current list of subprocessors is as follows:

      Subprocessor Service Provided Location/Headquarters
      Acefone Cloud communication services (VoIP) UK (London)
      Amazon Cloud infrastructure (AWS) USA (Seattle, WA)
      Bluesnap Payment processing USA (Waltham, MA)
      ESET Anti-virus systems and threat detection Slovakia (Bratislava)
      GitHub (Microsoft) Version control, code hosting USA (Microsoft - Redmond, WA)
      Google Cloud storage, analytics, and office tools (GCP) USA (Mountain View, CA)
      Hashavshevet Accounting software Israel (Tel-Aviv)
      Microsoft Cloud services, email, office tools (Azure, Outlook) USA (Redmond, WA)
      OpsGenie Incident management and alerting USA (Atlanta, GA)
      SendGrid Email delivery service USA (Denver, CO)
      Slack Team communication and collaboration USA (San Francisco, CA)
      Zoho Business applications, CRM India (Chennai)
      Zoom Video conferencing and collaboration USA (San Jose, CA)
    3. Processor may appoint new Sub Processors and shall give notice of any such appointment to Controller. If, within seven (7) days of such notice, Controller notifies Processor in writing of any reasonable objections to the proposed appointment, Processor shall not appoint the proposed Sub Processor for the Processing of Controller Personal Data until reasonable steps have been taken to address the objections raised by Controller and Controller has been provided with a reasonable written explanation of the steps taken. Where such steps are not sufficient to relieve Controller's reasonable objections, each of Controller or Processor may, by written notice to the other party and with immediate effect, terminate the Terms to the extent that it relates to the Services requiring the use of the proposed Sub Processor. In such event, the terminating party shall not bear any liability for such termination.

    4. With respect to each new Sub Processor, Processor shall:

      1. Prior to the Processing of Controller Personal Data by Sub Processor, take reasonable steps (for instance by way of reviewing privacy policies as appropriate) to ensure that Sub Processor is committed and able to provide the level of protection for Controller Personal Data required by this DPA; and

      2. ensure that the arrangement between the Processor and the Sub Processor is governed by a written contract, including terms that offer a materially similar level of protection for Controller Personal Data as those set out in this DPA and meet the requirements of Applicable Law.

      3. Processor shall remain fully liable to the Controller for the performance of any Sub Processor's obligations.

  8. Data Subject Rights

    1. Controller shall be solely responsible for compliance with any statutory obligations concerning requests to exercise Data Subject rights under Data Protection Laws (e.g., for access, rectification, deletion of Controller Personal Data, etc.). Processor shall, at Controller's sole expense, use commercially reasonable efforts to assist Controller in fulfilling Controller's obligations with respect to such Data Subject requests, as required under Data Protection Laws.

    2. Upon receipt of a request from a Data Subject under any Data Protection Laws in respect to Controller Personal Data, Processor shall promptly notify Controller of such request and shall not respond to such request except on the documented instructions of Controller or as required by Data Protection Laws to which the Processor is subject, in which case Processor shall, to the extent permitted by Data Protection Laws, inform Controller of such legal requirement prior to responding to the request.

  9. Data Protection Impact Assessment and Prior Consultation

    At Controller's written request and expense, the Processor and each Sub Processor shall provide reasonable assistance to Controller with respect to any Controller Personal Data Processed by Processor and/or a Sub Processor, with any data protection impact assessments or prior consultations with Supervisory Authorities or other competent data privacy authorities, as required under any Data Protection Laws.

  10. Deletion or Return of Controller Personel Data

    Processor shall promptly and in any event within 60 (sixty) days of the date of cessation of provision of the Services to Controller involving the Processing of Controller Personal Data, delete, return, or anonymize all copies of such Controller Personal Data, provided however that Processor may retain Controller Personal Data, as permitted by applicable law.

  11. Audit Rights

    1. Subject to Sections 11.2 and 11.3, Processor shall make available to an auditor mandated by Controller in coordination with Processor, upon prior written request, such information reasonably necessary to demonstrate compliance with this DPA and shall allow for audits, including inspections, by such reputable auditor mandated by the Controller in relation to the Processing of the Controller Personal Data by the Processor, provided that such third-party auditor shall be subject to confidentiality obligations.

    2. Any audit or inspection shall be at Controller's sole, and subject to Processor's reasonable security policies and obligations to third parties, including with respect to confidentiality. The results of any audit or inspection shall be considered the confidential information of the Processor and shall be treated with the same degree of care as Controller affords its own confidential information.

    3. Controller and any auditor on its behalf shall use best efforts to minimize or avoid causing any damage, injury or disruption to the Processors' premises, equipment, employees and business and shall not interfere with the Processor's day-to-day business. Controller and Processor shall mutually agree upon the scope, timing and duration of the audit or inspection and the reimbursement rate, for which Controller shall be responsible. Processor need not give access to its premises for the purposes of such an audit or inspection:

      1. to any individual unless he or she produces reasonable evidence of identity and authority;

      2. if Processor was not given a prior written notice of such audit or inspection;

      3. outside of normal business hours at those premises, unless the audit or inspection needs to be conducted on an emergency basis; or

      4. for the purposes of more than one (1) audit or inspection in any calendar year, except for any additional audits or inspections which:

        1. Controller reasonably considers necessary because of genuine concern as to Processor's compliance with this DPA; or

        2. Controller is required to carry out by Applicable Law, a Supervisory Authority or any similar regulatory authority responsible for the enforcement of Applicable Law in any country or territory, where Controller has identified its concerns or the relevant requirement or request in its prior written notice to Processor of the audit or inspection.

      5. Processor shall immediately inform Controller if, in its opinion, an instruction received under this DPA infringes the GDPR or other applicable Data Protection Laws.

  12. Limitation of Liability

    Controller shall indemnify and hold Processor harmless against all claims, actions, third party claims, losses, damages and expenses incurred by the Processor and arising directly or indirectly out of or in connection with a breach of this DPA and/or the Data Protection Laws by Controller. Each party's liability toward the other party shall be subject to the limitations on liability under the Terms.

  13. General Terms

    1. Governing Law and Jurisdiction
      1. The parties to this DPA hereby agree that the competent courts in Ireland shall have exclusive jurisdiction regarding all disputes hereunder, and the parties expressly consent to such jurisdiction.

      2. This DPA and all non-contractual or other obligations arising out of or in connection with it are governed by the laws of Ireland. To the extent that the Standard Contractual Clauses apply, the abovementioned jurisdiction shall be deemed the jurisdiction specified in Clause 17 of the Standard Contractual Clauses, provided that such law allows for third-party beneficiary rights.

    2. Order of Precedence
      1. Nothing in this DPA reduces Processor's obligations under the Terms in relation to the protection of Controller Personal Data or permits Processor to Process (or permit the Processing of) Controller Personal Data in a manner that is prohibited by the Terms.

      2. This DPA is not intended to, and does not in any way limit or derogate from Controller's obligations and liabilities towards the Processor under the Terms and/or pursuant to Data Protection Laws or any law applicable to Controller in connection with the collection, handling and use of Controller Personal Data by Controller or its Affiliates or other processors or their sub processors, including with respect to the transfer or provision of Controller Personal Data to Processor and/or providing Processor with access thereto.

      3. Subject to this Section 13.2, with regard to the subject matter of this DPA, in the event of inconsistencies between the provisions of this DPA and any other agreements between the parties, including the Terms and including (except where explicitly agreed otherwise in writing, signed on behalf of the parties) agreements entered into or purported to be entered into after the date of this DPA, the provisions of this DPA shall prevail. In the event of inconsistencies between the provisions of this DPA and the Standard Contractual Clauses (to the extent they apply), the Standard Contractual Clauses shall prevail.

    3. Changes in Data Protection Laws
      1. Controller may, by at least 45 (forty five) calendar days' prior written notice to Processor, request in writing any variations to this DPA if they are required as a result of any change in, or decision of a competent authority under any Data Protection Laws in order to allow Controller Personal Data to be Processed (or continue to be Processed) without breach of that Data Protection Laws.

      2. If Controller gives notice with respect to its request to modify this DPA under Section 13.3.1, (i) Processor shall make commercially reasonable efforts to accommodate such modification request and (ii) Controller shall not unreasonably withhold or delay agreement to any consequential variations to this DPA proposed by Processor to protect the Processor against additional risks, or to indemnify and compensate Processor for any further steps and costs associated with the variations made herein.

    4. Severance

      Should any provision of this DPA be held invalid or unenforceable, then the remainder of this DPA shall remain valid and in force. The invalid or unenforceable provision shall either be (i) amended as necessary to ensure its validity and enforceability, while preserving the parties' intentions as closely as possible or, if this is not possible, (ii) construed in a manner as if the invalid or unenforceable part had never been contained therein.

  14. Schedule 1: Details of Processing of Controller Personal data

    This Schedule 1 includes certain details of the Processing of Controller Personal Data as required by Article 28(3) GDPR.

    Subject matter and duration of the Processing of Controller Personal Data. The subject matter and duration of the Processing of the Controller Personal Data are set out in the Terms, in Processor's Privacy Notice ("Privacy Notice") and this DPA.

    The nature and purpose of the Processing of Controller Personal Data: Rendering Services, as detailed in the Terms and the Privacy Notice.

    The types of Controller Personal Data to be Processed are as follows: As detailed in the Privacy Notice.

    The categories of Data Subject to whom the Controller Personal Data relates to are as follows: Data Subjects who are Controller's employees and subcontractors.

    The obligations and rights of Controller. The obligations and rights of Controller and Controller Affiliates are set out in the Terms and this DPA.

Updated October, 2024