P: +41 79 579 39 98
President: Ilija Mrvelj
CEO: Johannes Weiss
Acceptable Use Policy
Here at Subbr.group , our goal is to help you and your team do the best work of your lives, every day. To do this, we need to keep our products and services running smoothly, quickly, and without distraction. For this to happen, we need help from you, our users. We need you not to misuse or abuse our products and services.
To describe exactly what we mean by “misuse” or “abuse” – and help us identify such transgressions, and react accordingly – we’ve created this Acceptable Use Policy. Under this policy, we reserve the right to remove content that is inconsistent with the spirit of the guidelines, even if it’s something that is not forbidden by the letter of the policy. In other words, if you do something that isn’t listed here verbatim, but it looks or smells like something listed here, we may still remove it.
You’ll see the word “services” a lot throughout this page. That refers to all websites owned or operated by Subbr.group , and any related websites, sub-domains and pages, as well as any cloud services operated by Subbr.group .
Use your judgment, and let’s be kind to each other so we can keep creating great things. You can find all the legal fine print at the bottom of this page.
Here’s what we won’t allow:
• Compromising the integrity of our systems. This could include probing, scanning, or testing the vulnerability of any system or network that hosts our services.
• Tampering with, reverse-engineering, or hacking our services, circumventing any security or authentication measures, or attempting to gain unauthorized access to the services, related systems, networks, or data
• Modifying, disabling, or compromising the integrity or performance of the services or related systems, network or data
• Deciphering any transmissions to or from the servers running the services
• Overwhelming or attempting to overwhelm our infrastructure by imposing an unreasonably large load on our systems that consume extraordinary resources (CPUs, memory, disk space, bandwidth, etc.), such as:
• Using “robots,” “spiders,” “offline readers,” or other automated systems to sends more request messages to our servers than a human could reasonably send in the same period of time by using a normal browser
• Going far beyond the use parameters for any given service as described in its corresponding documentation
• Consuming an unreasonable amount of storage for music, videos, pornography, etc., in a way that’s unrelated to the purposes for which the services were designed
• Misrepresentation of yourself, or disguising the origin of any content (including by “spoofing”, “phishing”, manipulating headers or other identifiers, impersonating anyone else, or falsely implying any sponsorship or association with Subbr.group or any third party)
• Using the services to violate the privacy of others, including publishing or posting other people's private and confidential information without their express permission, or collecting or gathering other people’s personal information (including account names or information) from our services
• Using our services to stalk, harass, or post direct, specific threats of violence against others
• Using the Services for any illegal purpose, or in violation of any laws (including without limitation data, privacy, and export control laws)
• Accessing or searching any part of the services by any means other than our publicly supported interfaces (for example, “scraping”)
• Using meta tags or any other “hidden text” including Subbr.group ’s or our suppliers’ product names or trademarks
• Using the services to generate or send unsolicited communications, advertising, chain letters, or spam
• Soliciting our users for commercial purposes, unless expressly permitted by Subbr.group
• Disparaging Subbr.group or our partners, vendors, or affiliates
• Promoting or advertising products or services other than your own without appropriate authorization
• Posting, uploading, sharing, submitting, or otherwise providing content that:
• Infringes Subbr.group ’s or a third party’s intellectual property or other rights, including any copyright, trademark, patent, trade secret, moral rights, privacy rights of publicity, or any other intellectual property right or proprietary or contractual right
• You don’t have the right to submit
• Is deceptive, fraudulent, illegal, obscene, defamatory, libelous, threatening, harmful to minors, pornographic (including child pornography, which we will remove and report to law enforcement, including the National Center for Missing and Exploited Children), indecent, harassing, hateful
• Encourages illegal or tortious conduct or that is otherwise inappropriate
• Attacks others based on their race, ethnicity, national origin, religion, sex, gender, sexual orientation, disability, or medical condition
• Contains viruses, bots, worms, scripting exploits, or other similar materials
• Is intended to be inflammatory
• Could otherwise cause damage to Subbr.group or any third party
In this Acceptable Use Policy, the term “content” means: (1) any information, data, text, software, code, scripts, music, sound, photos, graphics, videos, messages, tags, interactive features, or other materials that you post, upload, share, submit, or otherwise provide in any manner to the services and (2) any other materials, content, or data you provide to Subbr.group or use with the Services.
Without affecting any other remedies available to us, Subbr.group may permanently or temporarily terminate or suspend a user’s account or access to the services without notice or liability if Subbr.group (in its sole discretion) determines that a user has violated this Acceptable Use Policy.
Data Processing Addendum
Subbr.group Data Processing Addendum
This Data Processing Addendum (the “Addendum”) amends the terms and forms part of theSubbr.group Terms of Service or other agreement governing your use of the applicable Subbr.group Product(s) (the “Agreement”) by and between you and the applicable Subbr.group Entity from which you are purchasing the Products. This Addendum will be effective as of the date we receive a complete and executed Addendum from the Customer indicated in the signature block below in accordance with the instructions under Sections I and II below (the “Effective Date”). This Addendum shall apply to Customer Personal Data that we process in the course of providing you the Products under the Agreement.The scope and duration, as well as the extent and nature of the collection, processing and use of Customer Personal Data under this Addendum shall be as defined in the Agreement. The term of this Addendum corresponds to the duration of the Agreement.
A. This Addendum has been pre-signed on behalf of the applicable Subbr.group Entity.To enter into this Addendum, you must:i. be a customer of the Products;ii. complete the signature block below by signing and providing all itemsidentified as “Required”; andiii. submit the completed and signed Addendum to Subbr.group as instructed.
A. This Addendum will only be effective (as of the Effective Date) if executed and submitted to Subbr.group accurately and in full accordance with paragraph I above and this paragraph II. If you make any deletions or other revisions to this Addendum, then this Addendum will be null and void.B. Customer signatory represents to Subbr.group that he or she has the legal authority to bind Customer and is lawfully able to enter into contracts (e.g., is not a minor).C. This Addendum will terminate automatically upon termination of the Agreement or as earlier terminated pursuant to the terms of this Addendum.
DATA PROCESSING TERMS
1.1 The terms below shall have the following meanings:“Subbr.group”, “we”, “us”, “our” means the applicable Subbr.group Entity that provides the relevant Product(s), as designated in the Agreement;“Product(s)” means our hosted or cloud-based solutions provided to you under the Agreement, including any client software we provide as part of the Products;“Customer”, “you”, “your” means the entity listed in the “Customer name” field on thesignature block below;"Customer Personal Data" means the personal data processed by Subbr.group on your behalf in the course of providing the Products to you;"data processor", "data subject", "personal data", "processing" and "appropriate technical and organizational measures" shall be interpreted in accordance with applicable Data Protection Legislation;"Data Protection Legislation" means European Directives 2002/58/EC, the General Data Protection Regulation and any legislation and/or regulation implementing or made pursuant to them, or which amends, replaces, re-enacts or consolidates such legislation or regulation; and“End Users” means an individual you permit or invite to use the Products. For the avoidance of doubt: (a) individuals invited by your End Users, (b) individuals under managed accounts, and (c) individuals interacting with a Cloud Product as your customer are also considered End Users.
2.1 The provisions of this Section 2 shall apply where Data Protection Legislation applies to your processing of Customer Personal Data and where we process that Customer Personal Data as a data processor in the course of providing you the Products.
2.2 The subject-matter of the data processing is providing the Products and the processing will be carried out until we cease to provide any Products to you.Annex 1 of this Addendum sets out the nature and purpose of the processing, the types of Customer Personal Data we process and the data subjects whose Customer Personal Data is processed.
2.3 When we process Customer Personal Data in the course of providing Products to you, we will:
2.3.1 process the Customer Personal Data only in accordance with documented instructions from you (as set forth in this Addendum or the Agreement or as directed by you through the Products). If applicable law requires us to process the Customer Personal Data for any other purpose, we will inform you of this requirement first, unless such law(s) prohibit this on important grounds of public interest;
2.3.2 notify you promptly if, in our opinion, an instruction for the processing of Customer Personal Data given by you infringes applicable Data Protection Legislation;
2.3.3 assist you, taking into account the nature of the processing:(i) by appropriate technical and organizational measures and where possible, in fulfilling your obligations to respond to requests from data subjects exercising their rights;(ii) in ensuring compliance with the obligations pursuant to Articles 32 to 36 of the General Data Protection Regulation, taking into account the information available to us; and(iii) by making available to you all information reasonably requested by you for the purpose of demonstrating that your obligations relating to the appointment of processors as set out in Article 28 of the General Data Protection Regulation have been met.
2.3.4 implement and maintain appropriate technical and organizational measures to protect the Customer Personal Data against unauthorized or unlawful processing and against accidental loss, destruction, damage, theft, alteration or disclosure in accordance with Annex
2. These measures shall be appropriate to the harm which might result from any unauthorized or unlawful processing, accidental loss, destruction, damage or theft of Customer Personal Data and appropriate to the nature of the Customer Personal Data which is to be protected. We may amend the technical and organizational measures, provided that the new measures do not fall short of the level of security provided by the specified measures;
2.3.5 not give access to or transfer any Customer Personal Data to any third party for such third party’s independent use (e.g., not directly related to providing the Products) without your prior written consent. You consent to our appointment of the Subbr.group affiliates and applicable third party subprocessors for the purposes described in this Addendum. We may update the list of approved subprocessors, at which point you will have the opportunity to object within forty-five (45) days by terminating the Agreement for convenience. To receive notice of updates to the list of subprocessors please subscribe at the link provided above. When engaging subprocessors in the processing of Customer Personal Data, we are responsible for the performance of each subprocessor. We will include in our agreement with any such third party subprocessor terms which are at least as favorable to you as those contained herein and as are required by applicable Data Protection Legislation;
2.3.6 ensure that our personnel required to access the Customer Personal Data are subject to a binding duty of confidentiality with regard to such Customer Personal Data;
2.3.7 except as set forth in Section 2.3.5 above or in accordance with documented instructions from you (as set forth in this Addendum or the Agreement or as directed by you through the Products), ensure that none of our personnel publish, disclose or divulge any Customer Personal Data to any third party;
2.3.8 upon expiration or earlier termination of the Agreement, upon your written request, securely destroy or return to you such Customer Personal Data in our possession within a reasonable time, unless applicable laws require retention of such Customer Personal Data; and
2.3.9 on the condition that you have entered into an applicable non-disclosure agreement with us:(i) allow you and your authorized representatives to access and review up-to-date attestations, certifications, reports or extracts thereof from independent bodies (e.g., external auditors, internal audit, data protection auditors) or other suitable certifications to ensure compliance with the terms of this Addendum; or (ii) where required by Data Protection Legislation or the Standard Contractual Clauses (where applicable) contained in Annex 4 (and in accordance with this Section 2.3.9), allow you and authorized representatives to conduct audits (including inspections) during the term of the Agreement to ensure compliance with the terms of this Addendum. Notwithstanding the foregoing, any audit must be conducted during our regular business hours, with reasonable advance notice to us and subject to reasonable confidentiality procedures. The scope of any audit shall not require us to disclose to you or your authorized representatives, or to allow you or your authorized representatives to access:a. any data or information of any other Subbr.group customer;b. any Subbr.group internal accounting or financial information;c. any Subbr.group trade secret;d. any information that, in our reasonable opinion could: 1) compromise the security of our systems or premises; or 2) cause us to breach our obligations under Data Protection Legislation or our security, confidentiality and or privacy obligations to any other Subbr.group customer or any third party; or e. any information that you or your authorized representatives seek to access for any reason other than the good faith fulfilment of your obligations under the Data Protection Legislation and our compliance with the terms of this Addendum. In addition, audits shall be limited to once per year, unless 1) we have experienced a Security Breach within the prior twelve (12) months which has impacted your Customer Personal Data; or 2) an audit reveals a material noncompliance. If we decline or are unable to followyour instructions regarding audits permitted under this Section 2.3.9 (or the Standard Contractual Clauses, where applicable), you are entitled to terminate this Addendum and the Agreement for convenience.
2.4 If we become aware of and confirm any accidental, unauthorized or unlawful destruction, loss, alteration, or disclosure of, or access to your Customer Personal Data that we process in the course of providing the Products (a "Security Breach"), we will notify you without undue delay.
2.5 Data Transfers. The parties agree that this subsection shall apply only to Customer Personal Data that is protected by Data Protection Legislation and such Customer Personal Data is transferred outside the European Economic Area (EEA) to Subbr.group, either directly or via onward transfer.3. Miscellaneous
3.1 Customer acknowledges and agrees that Subbr.group has the right to use data relating to or obtained in connection with the operation, support or use of the Products for its legitimate internal business purposes, such as to support billing processes, to administer the Products, to send information about our products and services, to improve, benchmark, and develop our products and services, to comply with applicable laws (including law enforcement requests), to ensure the security of our Products and to prevent fraud or mitigate risk. To the extent that any such data is personal data, we will process such data in accordance with appropriate technical and organizational measures and applicable laws, including, but not limited to the Data Protection Legislation.
3.2 In the event of any conflict or inconsistency between the provisions of the Agreement and this Addendum, the provisions of this Addendum shall prevail. This Addendum is subject to the governing law and venue terms in the Agreement, except as otherwise provided in Annex 4 to the extent Annex 4 applies. For avoidance of doubt and to the extent allowed by applicable law, any and all liability under this Addendum (including its Annexes) will be governed by the limitations of liability and other relevant provisions of the Agreement. Without limiting the foregoing, any liability arising under this Addendum shall be subject to the limitations of liability under the Agreement as if such liability arose under the Agreement or the applicable order, and any liability of a party, its affiliates, their signatories or their suppliers arising under this Addendum will be aggregated with any other applicable liabilityarising under the Agreement for purposes of applying any applicable liability caps.Save as specifically modified and amended in this Addendum, all of the terms, provisions and requirements contained in the Agreement shall remain in full force and effect and govern this Addendum. Except as otherwise expressly provided herein, no supplement, modification, or amendment of this Addendum will be binding, unless executed in writing by a duly authorized representative of each party to this Addendum. If any provision of the Addendum is held illegal or unenforceable in a judicial proceeding, such provision shall be severed and shall be inoperative, and the remainder of this Addendum shall remain operative and binding on the parties. Please sign and return the enclosed copy of this Addendum as instructed to acknowledge thesupplementation of these terms to the Agreement.
CUSTOMERCustomer name (Required):Signature (Required):Name (Required):Title (Optional):Date (Required): _______________________EU Representative (Required only where applicable): ____________________Contact details: _____________________Data Protection Officer (Required only where applicable): ____________________Contact details: _____________________
SUBBR.GROUPNotwithstanding the signatures below of any other Subbr.group Entity, an Subbr.group Entity is not a party to this Addendum unless they are a party to the Agreement for the provision of the Products to you. Where the Products are provided under an Agreement withSubbr.group AG is also a party to this Addendum.
Data Protection Point of Contact: Erika FisherContact details: firstname.lastname@example.orgSubbr.group AGSignature:Name: Ilija MrveljTitle: President BODAnnex 1 - Data subjects
The personal data concern End Users of the Products, in addition to individuals whose personal data is supplied by End Users of the Products.
Categories of dataThe personal data transferred concern the following categories of data:• Direct identifying information (e.g., name, email address, telephone).• Indirect identifying information (e.g., job title, gender, date of birth).• Device identification data and traffic data (e.g., IP addresses, MAC addresses, web logs).• Any personal data supplied by users of the Cloud Product.
Special categories of dataSubbr.group does not knowingly collect (and Customer or End Users shall not submit or upload) any special categories of data (as defined under the Data Protection Legislation).
Purposes of processingThe personal data is processed for the purposes of providing the Products in accordance with the Agreement.
Annex 2 - Security Measures
1. Access control to premises and facilitiesMeasures must be taken to prevent unauthorized physical access to premises and facilities holding personal data. Measures shall include:• Access control system• ID reader, magnetic card, chip card• (Issue of) keys• Door locking (electric door openers etc.)• Surveillance facilities• Alarm system, video/CCTV monitor• Logging of facility exits/entries
2. Access control to systemsMeasures must be taken to prevent unauthorized access to IT systems. These must include the following technical and organizational measures for user identification and authentication:• Password procedures (incl. special characters, minimum length, forced change of password)• No access for guest users or anonymous accounts• Central management of system access• Access to IT systems subject to approval from HR management and IT system administrators
3. Access control to dataMeasures must be taken to prevent authorized users from accessing data beyond their authorized access rights and prevent the unauthorized input, reading, copying, removal modification or disclosure of data. These measures shall include:• Differentiated access rights• Access rights defined according to duties• Automated log of user access via IT systems• Measures to prevent the use of automated data-processing systems by unauthorized persons using data communication equipment
4. Disclosure controlMeasures must be taken to prevent the unauthorized access, alteration or removal of data during transfer, and to ensure that all transfers are secure and are logged. These measures shall include:• Compulsory use of a wholly-owned private network for all data transfers• Encryption using a VPN for remote access, transport and communication of data.• Creating an audit trail of all data transfers
5. Input controlMeasures must be put in place to ensure all data management and maintenance is logged, and an audit trail of whether data have been entered, changed or removed (deleted) and by whom must be maintained.Measures should include:• Logging user activities on IT systems• That it is possible to verify and establish to which bodies personal data have been or may be transmitted or made available using data communication equipment• That it is possible to verify and establish which personal data have been input into automated data-processing systems and when and by whom the data have beeninput;
6. Job controlMeasures should be put in place to ensure that data is processed strictly in compliance with the data importer’s instructions. These measures must include:• Unambiguous wording of contractual instructions• Monitoring of contract performance
7. Availability controlMeasures should be put in place designed to ensure that data are protected against accidental destruction or loss.These measures must include:• Installed systems may, in the case of interruption, be restored• Systems are functioning, and that faults are reported• Stored personal data cannot be corrupted by means of a malfunctioning of the system• Uninterruptible power supply (UPS)• Business Continuity procedures• Remote storage• Anti-virus/firewall systems
8. Segregation controlMeasures should be put in place to allow data collected for different purposes to be processed separately.These measures should include:• Restriction of access to data stored for different purposes according to staff duties.• Segregation of business IT systems• Segregation of IT testing and production environments
Annex 3 - Subbr.group Entities• Subbr.group AG
Annex 4 – Standard Contractual Clauses
Standard contractual clauses for the transfer of personal data from the Community to third countries (controller to processor transfers)Data Transfer AgreementFor the purposes of Article 26(2) of Directive 95/46/EC for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection Subbr.group (hereinafter the "data importer")andCustomer (hereinafter the "data exporter") each a “party”; together “the parties”, HAVE AGREED on the following Contractual Clauses (the Clauses) in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals for the transfer by the data exporter to the data importer of the personal data specified in Annex 1.
Clause 1DefinitionsFor the purposes of the Clauses:(a) 'personal data', 'special categories of data', 'process/processing', 'controller', 'processor', 'data subject' and 'supervisory authority' shall have the same meaning as in Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data;(b) 'the data exporter' means the controller who transfers the personal data;(c) 'the data importer' means the processor who agrees to receive from the data exporter personal data intended for processing on his behalf after the transfer in accordance with his instructions and the terms of the Clauses and who is not subject to a third country's system ensuring adequate protection within the meaning of Article 25(1) of Directive 95/46/EC; (d) 'the subprocessor' means any processor engaged by the data importer or by any other subprocessor of the data importer who agrees to receive from the data importer or from any other subprocessor of the data importer personal data exclusively intended for processing activities to be carried out on behalf of the data exporter after the transfer in accordance with his instructions, the terms of the Clauses and the terms of the written subcontract;(e) 'the applicable data protection law' means the legislation protecting the fundamental rights and freedoms of individuals and, in particular, their right to privacy with respect to the processing of personal data applicable to a data controller in the Member State in which the data exporter is established;(f) 'technical and organizational security measures' means those measures aimed at protecting personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing.
Clause 2Details of the transferThe details of the transfer and in particular the special categories of personal data where applicable are specified in Annex 1 which forms an integral part of the Clauses.
Clause 3Third-party beneficiary clause1. The data subject can enforce against the data exporter this Clause, Clause 4(b) to (i), Clause 5(a) to (e), and (g) to (j), Clause 6(1) and (2), Clause 7, Clause 8(2), and Clauses 9 to 12 as third-party beneficiary.2. The data subject can enforce against the data importer this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where the data exporter has factually disappeared or has ceased to exist in law unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law, as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity.3. The data subject can enforce against the subprocessor this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity. Such third-party liability of the subprocessor shall be limited to its own processing operations under the Clauses.4. The parties do not object to a data subject being represented by an association or other body if the data subject so expressly wishes and if permitted by national law.
Clause 4Obligations of the data exporterThe data exporter agrees and warrants:(a) that the processing, including the transfer itself, of the personal data has been and will continue to be carried out in accordance with the relevant provisions of the applicable data protection law (and, where applicable, has been notified to the relevant authorities of the Member State where the data exporter is established) and does not violate the relevant provisions of that State;(b) that it has instructed and throughout the duration of the personal data processing services will instruct the data importer to process the personal data transferred only on the data exporter's behalf and in accordance with the applicable data protection law and the Clauses; (c) that the data importer will provide sufficient guarantees in respect of the technical and organizational security measures specified in Annex 2 to this contract;(d) that after assessment of the requirements of the applicable data protection law, the security measures are appropriate to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation;(e) that it will ensure compliance with the security measures;(f) that, if the transfer involves special categories of data, the data subject has been informed or will be informed before, or as soon as possible after, the transfer that its data could be transmitted to a third country not providing adequate protection within the meaning of Directive 95/46/EC;(g) to forward any notification received from the data importer or any subprocessor pursuant to Clause 5(b) and Clause 8(3) to the data protection supervisory authority if the data exporter decides to continue the transfer or to lift the suspension;(h) to make available to the data subjects upon request a copy of the Clauses, with the exception of Annex 2, and a summary description of the security measures, as well as a copy of any contract for subprocessing services which has to be made in accordance with the Clauses, unless the Clauses or the contract contain commercial information, in which case it may remove such commercial information;(i) that, in the event of subprocessing, the processing activity is carried out in accordance with Clause 11 by a subprocessor providing at least the same level of protection for the personal data and the rights of data subject as the data importer under the Clauses; and (j) that it will ensure compliance with Clause 4(a) to (i).
Clause 5Obligations of the data importerThe data importer agrees and warrants:(a) to process the personal data only on behalf of the data exporter and in compliance with its instructions and the Clauses; if it cannot provide such compliance for whatever reasons, it agrees to inform promptly the data exporter of its inability to comply, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract; (b) that it has no reason to believe that the legislation applicable to it prevents it from fulfilling the instructions received from the data exporter and its obligations under the contract and that in the event of a change in this legislation which is likely to have a substantial adverse effect on the warranties and obligations provided by the Clauses, it will promptly notify the change to the data exporter as soon as it is aware, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;(c) that it has implemented the technical and organizational security measures specified in Annex 2 before processing the personal data transferred;(d) that it will promptly notify the data exporter about:(i) any legally binding request for disclosure of the personal data by a law enforcement authority unless otherwise prohibited, such as a prohibition under criminal law to preserve the confidentiality of a law enforcement investigation,(ii) any accidental or unauthorized access, and(iii) any request received directly from the data subjects without responding to that request, unless it has been otherwise authorized to do so;(e) to deal promptly and properly with all inquiries from the data exporter relating to its processing of the personal data subject to the transfer and to abide by the advice of the supervisory authority with regard to the processing of the data transferred;(f) at the request of the data exporter to submit its data processing facilities for audit of the processing activities covered by the Clauses which shall be carried out by the data exporter or an inspection body composed of independent members and in possession of the required professional qualifications bound by a duty of confidentiality, selected by the data exporter, where applicable, in agreement with the supervisory authority;(g) to make available to the data subject upon request a copy of the Clauses, or any existing contract for subprocessing, unless the Clauses or contract contain commercial information, in which case it may remove such commercial information, with the exception of Annex 2 which shall be replaced by a summary description of the security measures in those cases where the data subject is unable to obtain a copy from the data exporter;(h) that, in the event of subprocessing, it has previously informed the data exporter and obtained its prior written consent;(i) that the processing services by the subprocessor will be carried out in accordance with Clause 11; and(j) to send promptly a copy of any subprocessor agreement it concludes under the Clauses to the data exporter.
1. The parties agree that any data subject, who has suffered damage as a result of any breach of the obligations referred to in Clause 3 or in Clause 11 by any party or subprocessor is entitled to receive compensation from the data exporter for the damage suffered.
2. If a data subject is not able to bring a claim for compensation in accordance with paragraph 1 against the data exporter, arising out of a breach by the data importer or his subprocessor of any of their obligations referred to in Clause 3 or in Clause 11, because the data exporter has factually disappeared or ceased to exist in law or has become insolvent, the data importer agrees that the data subject may issue a claim against the data importer as if it were the data exporter, unless any successor entity has assumed the entire legal obligations of the data exporter by contract of by operation of law, in which case the data subject can enforce its rights against such entity. The data importer may not rely on a breach by a subprocessor of its obligations in order to avoidits own liabilities.
3. If a data subject is not able to bring a claim against the data exporter or the data importer referred to in paragraphs 1 and 2, arising out of a breach by the subprocessor of any of their obligations referred to in Clause 3 or in Clause 11 because both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, the subprocessor agrees that the data subject may issue a claim against the data subprocessor with regard to its own processing operations under the Clauses as if it were the data exporter or the data importer, unless any successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law, in which case the data subject can enforce its rights against such entity. The liability of the subprocessor shall be limited to its own processing operations under the Clauses.
Clause 7Mediation and jurisdiction
1. The data importer agrees that if the data subject invokes against it third-party
beneficiary rights and/or claims compensation for damages under the Clauses, the data importer will accept the decision of the data subject:(a) to refer the dispute to mediation, by an independent person or, where applicable, by the supervisory authority;(b) to refer the dispute to the courts in the Member State in which the data exporter is established.2. The parties agree that the choice made by the data subject will not prejudice its substantive or procedural rights to seek remedies in accordance with other provisions of national or international law.
Clause 8Cooperation with supervisory authorities
1. The data exporter agrees to deposit a copy of this contract with the supervisory authority if it so requests or if such deposit is required under the applicable data protection law.
2. The parties agree that the supervisory authority has the right to conduct an audit of the data importer, and of any subprocessor, which has the same scope and is subject to the same conditions as would apply to an audit of the data exporter under the applicable data protection law.
3. The data importer shall promptly inform the data exporter about the existence of legislation applicable to it or any subprocessor preventing the conduct of an audit of the data importer, or any subprocessor, pursuant to paragraph 2. In such a case the data exporter shall be entitled to take the measures foreseen in Clause 5 (b).
Clause 9Governing LawThe Clauses shall be governed by the law of the Member State in which the data exporter is established.
Clause 10Variation of the contractThe parties undertake not to vary or modify the Clauses. This does not preclude the parties from adding clauses on business related issues where required as long as they do not contradict the Clause.
1. The data importer shall not subcontract any of its processing operations performed on behalf of the data exporter under the Clauses without the prior written consent of the data exporter. Where the data importer subcontracts its obligations under the Clauses, with the consent of the data exporter, it shall do so only by way of a written agreement with the subprocessor which imposes the same obligations on the subprocessor as are imposed on the data importer under the Clauses. Where the subprocessor fails to fulfil its data protection obligations under such written agreement the data importer shall remain fully liable to the data exporter for the performance of the subprocessor's obligations under such agreement.
2. The prior written contract between the data importer and the subprocessor shall also provide for a third-party beneficiary clause as laid down in Clause 3 for cases where the data subject is not able to bring the claim for compensation referred to in paragraph 1 of Clause 6 against the data exporter or the data importer because they have factually disappeared or have ceased to exist in law or have become insolvent and no successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law. Such third-party liability of the subprocessor shall be limited to its own processing operations under the Clauses.
3. The provisions relating to data protection aspects for subprocessing of the contract referred to in paragraph 1 shall be governed by the law of the Member State in which the data exporter is established.
4. The data exporter shall keep a list of subprocessing agreements concluded under the Clauses and notified by the data importer pursuant to Clause 5 (j), which shall be updated at least once a year. The list shall be available to the data exporter's data protection supervisory authority.
Clause 12Obligation after the termination of personal data processing services1. The parties agree that on the termination of the provision of data processing services, the data importer and the subprocessor shall, at the choice of the data exporter, return all the personal data transferred and the copies thereof to the data exporter or shall destroy all the personal data and certify to the data exporter that it has done so, unless legislation imposed upon the data importer prevents it from returning or destroying all or part of the personal data transferred. In that case, the data importer warrants that it will guarantee the confidentiality of the personal data transferred and will not actively process the personal data transferred anymore.
2. The data importer and the subprocessor warrant that upon request of the data exporter and/or of the supervisory authority, it will submit its data processing facilities for an audit of the measures referred to in paragraph 1.
Appendix 1 to the Standard Contractual Clauses
Data subjectsThe personal data concern End Users of the Products, in addition to individuals whose personal data is supplied by End Users of the Products.
Categories of dataThe personal data transferred concern the following categories of data:• Direct identifying information (e.g., name, email address, telephone).• Indirect identifying information (e.g., job title, gender, date of birth).• Device identification data and traffic data (e.g., IP addresses, MAC addresses, web logs).• Any personal data supplied by users of the Cloud Product.
Special categories of dataSubbr.group does not knowingly collect (and Customer or End Users shall not submit or upload) any special categories of data (as defined under the Data Protection Legislation).
Purposes of processingThe personal data is processed for the purposes of providing the Products in accordance with this Agreement.
Appendix 2 to the Standard Contractual ClausesDescription of the technical and organizational security measures implemented by thedata importer in accordance with Clauses 4(d) and 5(c):The technical and organizational security measures implemented by the data importer are as described in Annex 2 of the Data Processing Addendum.
Terms of Service
These Terms of Service (these “Terms”
) describe your rights and responsibilities as a customer of our Products. As applicable to the specific Product, if you are being invited or added to a Product set up by an Subbr.group customer, the User Notice governs your access and use of the Product (and not these Terms). These Terms are between you and the subbr.group entity that owns or operates the Product that you are using or accessing (“Subbr.group”
means the entity you represent in accepting these Terms or, if that does not apply, you individually. If you are accepting on behalf of your employer or another entity, you represent and warrant that: (i) you have full legal authority to bind your employer or such entity to these Terms; (ii) you have read and understand these Terms; and (iii) you agree to these Terms on behalf of the party that you represent. If you don’t have the legal authority to bind your employer or the applicable entity please do not click “I agree” (or similar button or checkbox) that is presented to you. These Terms are effective as of the date you first click “I agree” (or similar button or checkbox) or use or access a Product, whichever is earlier (the “Effective Date”). These Terms do not have to be signed in order to be binding. You indicate your assent to these Terms by clicking “I agree” (or similar button or checkbox) at the time you register for a Product, create a Product account, or place an Order. For No-Charge Products, you also indicate your assent to these Terms by accessing or using the applicable No-Charge Product. 1. What these Terms cover.1.1.
Product-Specific Terms. Some Products may be subject to additional terms specific to that product as set forth in the Product-Specific Terms. By accessing or using a product covered by the Product-Specific Terms, you also agree to the Product-Specific Terms.1.3.
Software Products Not Covered. These Terms do not apply to our downloadable software products (currently designated as “Server” and “Data Center” deployments), use of which requires a separate license agreement with us. For clarity, however, any client software (e.g., a desktop or mobile application) we provide as part of the Products themselves remains subject to these Terms.2. How Products are administered.2.1.
Administrators. Through the Products, you may be able to specify certain End Users as Administrators, who will have important rights and controls over your use of Products and End User Accounts. This may include making Orders for Products or enabling Apps (which may incur fees); creating, de-provisioning, monitoring or modifying End User Accounts, and setting End User usage permissions; and managing access to Your Data by End Users or others. Administrators may also take over management of accounts previously registered using an email address belonging to your domain (which become “managed accounts”, as described in our Documentation). Without limiting Section 2.4 (Responsibility for End Users), which fully applies to Administrators, you are responsible for whom you allow to become Administrators and any actions they take, including as described above. You agree that our responsibilities do not extend to the internal management or administration of the Products for you.2.2.
Reseller as Administrator. If you order Products through a Reseller, then you are responsible for determining whether the Reseller may serve as an Administrator and for any related rights or obligations in your applicable agreement with the Reseller. As between you and subbr.group, you are solely responsible for any access by Reseller to your accounts or your other End User Accounts.2.3.
Responsibility for End Users. Our Products have various user onboarding flows. Some Products require users to be designated by Administrators; some allow users to sign up for individual accounts which can become associated with teams or organizations at a later time; and some may allow users to invite other users. You are responsible for understanding the settings and controls for each Product you use and for controlling whom you allow to become an End User. If payment is required for End Users to use or access a Product, then we are only required to provide the Products to those End Users for whom you have paid the applicable fees, and only such End Users are permitted to access and use the Products. Some Products may allow you to designate different types of End Users (for example, Jira Service Desk distinguishes between “agents” and “customers”), in which case pricing and functionality may vary according to the type of End User. You are responsible for compliance with these Terms by all End Users, including for any payment obligations. Please note that you are responsible for the activities of all your End Users, including Orders they may place and how End Users use Your Data, even if those End Users are not from your organization or domain. We may display our User Notice to End Users at sign up, account creation, Product registration, or in-product. If you use single sign-on (SSO) for identity management of your Product(s) such that End Users will bypass these screens and our User Notice, you are responsible for displaying our User Notice to End Users and for any damages resulting from your failure to do so.2.5.
Credentials. You must require that all End Users keep their user IDs and passwords for the Products strictly confidential and do not share such information with any unauthorized person. User IDs are granted to individual, named persons and may not be shared. You are responsible for any and all actions taken using End User Accounts and passwords, and you agree to immediately notify us of any unauthorized use of which you become aware.2.6.
Age Requirement for End Users. The Products are not intended for, and should not be used by, anyone under the age of 16. You are responsible for ensuring that all End Users are at least 16 years old.3. What's included in your Product subscriptions; what are the restrictions.3.1.
Access to Products. Subject to these Terms and during the applicable Subscription Term, you may access and use the Products for your own business purposes or personal use, as applicable, all in accordance with these Terms, the applicable Order and the Documentation. This includes the right, as part of your authorized use of the Products, to download and use the client software associated with the Products. The rights granted to you in this Section 3.1 are non-exclusive, non-sublicensable and non-transferable.3.2.
Support. During the Subscription Term, we will provide Support for the Products in accordance with the Support Policy, Enterprise Support and Services Policy (to the extent applicable), and the applicable Order.3.3.
Restrictions. Except as otherwise expressly permitted in these Terms, you will not: (a) reproduce, modify, adapt or create derivative works of the Products; (b) rent, lease, distribute, sell, sublicense, transfer or provide access to the Products to a third party; (c) use the Products for the benefit of any third party; (d) incorporate any Products into a product or service you provide to a third party; (e) interfere with or otherwise circumvent mechanisms in the Products intended to limit your use; (f) reverse engineer, disassemble, decompile, translate or otherwise seek to obtain or derive the source code, underlying ideas, algorithms, file formats or non-public APIs to any Products, except to the extent expressly permitted by applicable law (and then only upon advance notice to us); (g) remove or obscure any proprietary or other notices contained in any Product; (h) use the Products for competitive analysis or to build competitive products; (i) publicly disseminate information regarding the performance of the Products; or (j) encourage or assist any third party to do any of the foregoing.4. Our security and data privacy policies.4.1.
Security. We implement security procedures designed to help protect Your Data from security attacks.4.2.
Subpoenas. Nothing in these Terms prevents us from disclosing Your Data to the extent required by law, subpoenas or court orders, but we will use commercially reasonable efforts to notify you where permitted to do so. Subbr.group strives to balance your privacy rights with other legal requirements; to read more about Subbr.group’s policies and guidelines for law enforcement officials requesting access to customer data, please see our Guidelines for Law Enforcement Requests.4.5.
GDPR Data Processing Addendum. If you are in the EEAU, Switzerland, or are otherwise subject to the territorial scope of Regulation (EU) 2016/679 (General Data Protection Regulation) or any successor legislation, you can request and complete the Subbr.group Data Processing Addendum.5. Terms that apply to Your Data.5.1.
Using Your Data to provide Products to You. You retain all right, title and interest in and to Your Data in the form submitted to the Products. Subject to these Terms, and solely to the extent necessary to provide the Products to you, you grant us a worldwide, limited term license to access, use, process, copy, distribute, perform, export, and display Your Data. Solely to the extent that reformatting Your Data for display in a Product constitutes a modification or derivative work, the foregoing license also includes the right to make modifications and derivative works. We may also access your accounts, End User Accounts, and your Products with End User permission in order to respond to your support requests.5.2.
Your Data Compliance Obligations. You and your use of Products (including use by your End Users) must comply at all times with these Terms, the Acceptable Use Policy and all Laws. You represent and warrant that: (i) you have obtained all necessary rights, releases and permissions to submit all Your Data to the Products and to grant the rights granted to us in these Terms and (ii) Your Data and its submission and use as you authorize in these Terms will not violate (1) any Laws, (2) any third-party intellectual property, privacy, publicity or other rights, or (3) any of your or third-party policies or terms governing Your Data. Other than our express obligations under Section 4 (Our security and data privacy policies), we assume no responsibility or liability for Your Data, and you are solely responsible for Your Data and the consequences of submitting and using it with the Products.5.3.
No Sensitive Data. You will not submit to the Products (or use the Products to collect) any Sensitive Data. You also acknowledge that we are not acting as your Business Associate or subcontractor (as such terms are defined and used in HIPAA). The Products are neither HIPAA nor PCI DSS compliant. Notwithstanding any other provision to the contrary, we have no liability under these Terms for Sensitive Data.5.4.
Your Indemnity. You will defend, indemnify and hold harmless us (and our Affiliates, officers, directors, agents and employees) from and against any and all claims, costs, damages, losses, liabilities and expenses (including reasonable attorneys’ fees and costs) resulting from any claim arising from or related to (i) your breach of Section 2.3 (End User Consent) or any claims or disputes brought by your End Users arising out of their use of Products, (ii) your breach (or alleged breach) of Sections 5.2 (Your Data Compliance Obligations) or 5.3 (No Sensitive Data); or (iii) Your Materials. This indemnification obligation is subject to you receiving (a) prompt written notice of such claim (but in any event notice in sufficient time for you to respond without prejudice); (b) the exclusive right to control and direct the investigation, defense or settlement of such claim and (c) all reasonable necessary cooperation by us at your expense.5.5.
Removals and Suspension. We have no obligation to monitor any content uploaded to the Products. Nonetheless, if we deem such action necessary based on your violation of these Terms, including Our Policies, or in response to takedown requests that we receive following our guidelines for Reporting Copyright and Trademark Violations, we may (1) remove Your Data from the Products or (2) suspend your access to the Products. We will use reasonable efforts to provide you with advance notice of removals and suspensions when practicable, but if we determine that your actions endanger the operation of the Product or other users, we may suspend your access or remove Your Data immediately without notice. We have no liability to you for removing or deleting Your Data from or suspending your access to any Products as described in this Section 5.5.6. Using third-party products with the Products.6.1.
Third-Party Products. You (including your End Users) may choose to use or procure other third party products or services in connection with the Products, including Third Party Apps (see Section 6.2 (Marketplace Apps)) or implementation, customization, training or other services. Your receipt or use of any third party products or services (and the third parties’ use of any of Your Data) is subject to a separate agreement between you and the third party provider. If you enable or use third party products or services with the Products (including Third Party Apps as referenced in Section 6.2 (Marketplace Apps)), we will allow the third party providers to access or use Your Data as required for the interoperation of their products and services with the Products. This may include transmitting, transferring, modifying or deleting Your Data, or storing Your Data on systems belonging to the third party providers or other third parties. Any third party provider’s use of Your Data is subject to the applicable agreement between you and such third party provider. We are not responsible for any access to or use of Your Data by third party providers or their products or services, or for the security or privacy practices of any third party provider or its products or services. You are solely responsible for your decision to permit any third party provider or third party product or service to use Your Data. It is your responsibility to carefully review the agreement between you and the third party provider, as provided by the applicable third party provider. WE DISCLAIM ALL LIABILITY AND RESPONSIBILITY FOR ANY THIRD PARTY PRODUCTS OR SERVICES (WHETHER SUPPORT, AVAILABILITY, SECURITY OR OTHERWISE) OR FOR THE ACTS OR OMISSIONS OF ANY THIRD PARTY PROVIDERS OR VENDORS. 7. Using Subbr.group developer assets.
Access to any of our APIs, SDKs or other Subbr.group developer assets is subject to the Subbr.group Developer Terms, which is a separate agreement.8. Additional Services.8.1.
Additional Services. Subject to these Terms, you may purchase Additional Services that we will provide to you pursuant to the applicable Order. Additional Services may be subject to additional policies and terms as specified by us.8.2.
Our Deliverables. We will retain all right, title and interest in and to Our Deliverables. You may use any of Our Deliverables provided to you only in connection with the Products, subject to the same usage rights and restrictions as for the Products. For clarity, Our Deliverables are not considered Products, and any Products are not considered to be Our Deliverables.8.3.
Your Materials. You agree to provide us with reasonable access to Your Materials as reasonably necessary for our provision of Additional Services. If you do not provide us with timely access to Your Materials, our performance of Additional Services will be excused until you do so. You retain your rights in Your Materials, subject to our ownership of any Products, any of Our Deliverables or any of Our Technology underlying Your Materials. We will use Your Materials solely for purposes of performing the Additional Services. You represent and warrant that you have all necessary rights in Your Materials to provide them to us for such purposes.8.4.
Training Not Covered. Your purchase, and our provision, of Training is subject to our Training Terms and Policies, which is a separate agreement.9. Billing, renewals, and payment.9.1.
Monthly and Annual Plans. Except for No-Charge Products, all Products are offered either on a monthly subscription basis or an annual subscription basis.9.2.
Renewals. Except as otherwise specified in your Order, unless either party cancels your subscription prior to expiration of the current Subscription Term, your subscription will automatically renew for another Subscription Term of a period equal to your initial Subscription Term. You will provide any notice of non-renewal through the means we designate, which may include account settings in the Products or contacting our support team. Cancelling your subscription means that you will not be charged for the next billing cycle, but you will not receive any refunds or credits for amounts that have already been charged. All renewals are subject to the applicable Product continuing to be offered and will be charged at the then-current rates.9.3.
Adding Users. You may add users, increase storage limits, or otherwise increase your use of Products by placing a new Order or modifying an existing Order. Unless otherwise specified in the applicable Order, we will charge you for any increased use at our then-current rates, prorated for the remainder of the then-current Subscription Term.9.4.
Payment. You will pay all fees in accordance with each Order, by the due dates and in the currency specified in the Order. If a PO number is required in order for an invoice to be paid, then you must provide such PO number to Subbr.group by emailing the PO number to email@example.com For Additional Services provided at any non-Subbr.group location, unless otherwise specified in your Order, you will reimburse us for our pre-approved travel, lodging and meal expenses, which we may charge as incurred. Other than as expressly set forth in Our return policy, Warranty Remedy, IP Indemnification or Changes to these Terms, all amounts are non-refundable, non-cancelable and non-creditable. You agree that we may bill your credit card or other payment method for renewals, additional users, overages to set limits or scopes of use, expenses, and unpaid fees, as applicable.9.5.
Delivery. We will deliver the login instructions for Products to your account or through other reasonable means no later than when we have received payment of the applicable fees. You are responsible for accessing your account to determine that we have received payment and that your Order has been processed. All deliveries under these Terms will be electronic.10. Our return policy.
As part of our commitment to customer satisfaction and without limiting the Performance Warranty in Section Warranties and Disclaimer, you may terminate your initial Order of a Product under these Terms, for no reason or any reason, by providing notice of termination to us no later than thirty (30) days after the Order date for such Product. In the event you terminate your initial Order under this Section 10, at your request (which may be made through your account with us), we will refund you the amount paid under such Order. This termination and refund right applies only to your initial Order of the Product and only if you exercise your termination right within the period specified above, and does not apply to Additional Services. You understand that we may change this practice in the future in accordance with Section Changes to these Terms.11. Taxes not included.11.1.
Taxes. Your fees under these Terms exclude any taxes or duties payable in respect of the Products in the jurisdiction where the payment is either made or received. To the extent that any such taxes or duties are payable by us, you must pay to us the amount of such taxes or duties in addition to any fees owed under these Terms. Notwithstanding the foregoing, if you have obtained an exemption from relevant taxes or duties as of the time such taxes or duties are levied or assessed, you may provide us with such exemption information, and we will use reasonable efforts to provide you with invoicing documents designed to enable you to obtain a refund or credit from the relevant revenue authority, if such a refund or credit is available.11.2.
Withholding Taxes. You will pay all fees net of any applicable withholding taxes. You and we will work together to avoid any withholding tax if exemptions, or a reduced treaty withholding rate, are available. If we qualify for a tax exemption, or a reduced treaty withholding rate, we will provide you with reasonable documentary proof. You will provide us reasonable evidence that you have paid the relevant authority for the sum withheld or deducted.12. If you purchased through a Reseller.
If you make any purchases through an authorized partner or reseller of Subbr.group (“Reseller”
):(a) Instead of paying us, you will pay the applicable amounts to the Reseller, as agreed between you and the Reseller. We may suspend or terminate your rights to use Products if we do not receive the corresponding payment from the Reseller.(b) Your order details (e.g., the Products you are entitled to use, the number of End Users, the Subscription Term, etc.) will be as stated in the Order placed with us by the Reseller on your behalf, and Reseller is responsible for the accuracy of any such Order as communicated to us.(c) If you are entitled to a refund under these Terms, then unless we otherwise specify, we will refund any applicable fees to the Reseller and the Reseller will be solely responsible for refunding the appropriate amounts to you.(d) Resellers are not authorized to modify these Terms or make any promises or commitments on our behalf, and we are not bound by any obligations to you other than as set forth in these Terms.13. No contingencies on other products of future functionality.
You acknowledge that the Products and Additional Services referenced in an Order are being purchased separately from any of our other products or services. Payment obligations for any products or services are not contingent on the purchase or use of any of our other products (and for clarity, any purchases of Products and Additional Services are separate and not contingent on each other, even if listed on the same Order). You agree that your purchases are not contingent on the delivery of any future functionality or features (including future availability of any Products beyond the current Subscription Term), or dependent on any oral or written public comments we make regarding future functionality or features.14. Evaluations, trials, and betas.
We may offer certain Products (including some Subbr.group Apps) to you at no charge, including free accounts, trial use and Beta Versions as defined below (collectively, “No-Charge Products”
). Your use of No-Charge Products is subject to any additional terms that we specify and is only permitted during the Subscription Term we designate (or, if not designated, until terminated in accordance with these Terms). Except as otherwise set forth in this Section 14, the terms and conditions of these Terms governing Products, including Section 3.3 (Restrictions), fully apply to No-Charge Products. We may modify or terminate your right to use No-Charge Products at any time and for any reason in our sole discretion, without liability to you. You understand that any pre-release and beta Products, and any pre-release and beta features within generally available Products, that we make available (collectively, “Beta Versions
”) are still under development, may be inoperable or incomplete and are likely to contain more errors and bugs than generally available Products. We make no promises that any Beta Versions will ever be made generally available. In some circumstances, we may charge a fee in order to allow you to access Beta Versions, but the Beta Versions will still remain subject to this Section 14. All information regarding the characteristics, features or performance of any No-Charge Products (including Beta Versions) constitutes our Confidential Information. To the maximum extent permitted by applicable law, we disclaim all obligations or liabilities with respect to No-Charge Products, including any Support, warranty and indemnity obligations. NOTWITHSTANDING ANYTHING ELSE IN THESE TERMS, OUR MAXIMUM AGGREGATE LIABILITY TO YOU IN RESPECT OF NO-CHARGE PRODUCTS WILL BE US$100.15. IP Rights in the Products and Feedback.
Products are made available on a limited access basis, and no ownership right is conveyed to you, irrespective of the use of terms such as “purchase” or “sale”. We and our licensors have and retain all right, title and interest, including all intellectual property rights, in and to Our Technology (including the Products). From time to time, you may choose to submit Feedback to us. We may in connection with any of our products or services freely use, copy, disclose, license, distribute and exploit any Feedback in any manner without any obligation, royalty or restriction based on intellectual property rights or otherwise. No Feedback will be considered your Confidential Information, and nothing in these Terms limits our right to independently use, develop, evaluate, or market products or services, whether incorporating Feedback or otherwise.16. Confidentiality.
Except as otherwise set forth in these Terms, each party agrees that all code, inventions, know-how and business, technical and financial information disclosed to such party (“Receiving Party”
) by the disclosing party ("Disclosing Party"
) constitute the confidential property of the Disclosing Party (“Confidential Information”
), provided that it is identified as confidential at the time of disclosure or should be reasonably known by the Receiving Party to be confidential or proprietary due to the nature of the information disclosed and the circumstances surrounding the disclosure. Any of Our Technology and any performance information relating to the Products will be deemed our Confidential Information without any marking or further designation. Except as expressly authorized herein, the Receiving Party will (1) hold in confidence and not disclose any Confidential Information to third parties and (2) not use Confidential Information for any purpose other than fulfilling its obligations and exercising its rights under these Terms. The Receiving Party may disclose Confidential Information to its employees, agents, contractors and other representatives having a legitimate need to know, provided that they are bound to confidentiality obligations no less protective of the Disclosing Party than this Section 16 and that the Receiving Party remains responsible for compliance by them with the terms of this Section 16. The Receiving Party's confidentiality obligations will not apply to information which the Receiving Party can document: (i) was rightfully in its possession or known to it prior to receipt of the Confidential Information; (ii) is or has become public knowledge through no fault of the Receiving Party; (iii) is rightfully obtained by the Receiving Party from a third party without breach of any confidentiality obligation; or (iv) is independently developed by employees of the Receiving Party who had no access to such information. The Receiving Party may also disclose Confidential Information if so required pursuant to a regulation, law or court order (but only to the minimum extent required to comply with such regulation or order and with advance notice to the Disclosing Party). The Receiving Party acknowledges that disclosure of Confidential Information would cause substantial harm for which damages alone would not be a sufficient remedy, and therefore that upon any such disclosure by the Receiving Party the Disclosing Party will be entitled to appropriate equitable relief in addition to whatever other remedies it might have at law.17. Term and Termination.17.1.
Term. These Terms are effective as of the Effective Date and expire on the date of expiration or termination of all Subscription Terms.17.2.
Termination for Cause. Either party may terminate these Terms (including all related Orders) if the other party (a) fails to cure any material breach of these Terms within thirty (30) days after notice; (b) ceases operation without a successor; or (c) seeks protection under any bankruptcy, receivership, trust deed, creditors’ arrangement, composition or comparable proceeding, or if any such proceeding is instituted against that party (and not dismissed within sixty (60) days thereafter).17.3.
Termination for Convenience. You may choose to stop using the Products and terminate these Terms (including all Orders) at any time for any reason upon written notice to us, but, unless you are exercising your right to terminate early pursuant to Section 10 (Our return policy), upon any such termination (i) you will not be entitled to a refund of any pre-paid fees and (ii) if you have not already paid all applicable fees for the then-current Subscription Term or related services period (as applicable), any such fees that are outstanding will become immediately due and payable.17.4.
Effects of Termination. Upon any expiration or termination of these Terms, you must cease using all Products and delete (or at our request, return) all Confidential Information or other materials of ours in your possession, including on any third-party systems operated on your behalf. You will certify such deletion upon our request. You will not have access to Your Data (and we may delete all of Your Data unless legally prohibited) after expiration or termination of these Terms (or its applicable Subscription Term), so you should make sure to export Your Data using the functionality of the Products during the applicable Subscription Term. If you terminate these Terms in accordance with Section 17.2 (Termination for Cause), we will refund you any prepaid fees covering the remainder of the then-current Subscription Term after the effective date of termination. If we terminate these Terms in accordance with Section 17.2 (Termination for Cause), you will pay any unpaid fees covering the remainder of the then-current Subscription Term after the effective date of termination. In no event will termination relieve you of your obligation to pay any fees payable to us for the period prior to the effective date of termination. Except where an exclusive remedy may be specified in these Terms, the exercise by either party of any remedy, including termination, will be without prejudice to any
other remedies it may have under these Terms, by law or otherwise.17.5.
Survival. The following provisions will survive any termination or expiration of these Terms: Sections 3.3 (Restrictions), 5.4 (Your Indemnity), 6.1 (Third-Party Products), 9.4 (Payment), 11 (Taxes not included), 14 (Evaluations, trials, and betas) (disclaimers and use restrictions only), 15 (IP Rights in the Products and Feedback), 16 (Confidentiality), 17 (Term and Termination), 18.4 (Warranty Disclaimer), 19 (Limitations of Liability), 20 (IP Indemnification) (but solely with respect to claims arising from your use of Products during the Subscription Term), 22 (Dispute Resolution) and 26 (General Provisions).18 Warranties and Disclaimer.18.1.
Mutual Warranties. Each party represents and warrants that it has the legal power and authority to enter into these Terms.18.2.
Our Warranties. We warrant, for your benefit only, that we use commercially reasonable efforts to prevent introduction of viruses, Trojan horses or similar harmful materials into the Products (but we are not responsible for harmful materials submitted by you or End Users) (the “Performance Warranty”
Warranty Remedy. We will use commercially reasonable efforts, at no charge to you, to correct reported non-conformities with the Performance Warranty. If we determine corrections to be impracticable, either party may terminate the applicable Subscription Term. In this case, you will receive a refund of any fees you have pre-paid for use of the Product for the terminated portion of the applicable Subscription Term. The Performance Warranty will not apply: (i) unless you make a claim within thirty (30) days of the date on which you first noticed the non-conformity, (ii) if the non-conformity was caused by misuse, unauthorized modifications or third-party products, software, services or equipment or (iii) to No-Charge Products. Our sole liability, and your sole and exclusive remedy, for any breach of the Performance Warranty are set forth in this Section 18.18.4.
WARRANTY DISCLAIMER. EXCEPT AS EXPRESSLY PROVIDED IN THIS SECTION 18, ALL PRODUCTS, SUPPORT AND ADDITIONAL SERVICES ARE PROVIDED “AS IS,” AND WE AND OUR SUPPLIERS EXPRESSLY DISCLAIM ANY AND ALL WARRANTIES AND REPRESENTATIONS OF ANY KIND, INCLUDING ANY WARRANTY OF NON-INFRINGEMENT, TITLE, FITNESS FOR A PARTICULAR PURPOSE, FUNCTIONALITY OR MERCHANTABILITY, WHETHER EXPRESS, IMPLIED OR STATUTORY. WITHOUT LIMITING OUR EXPRESS OBLIGATIONS IN THESE TERMS, WE DO NOT WARRANT THAT YOUR USE OF THE PRODUCTS WILL BE UNINTERRUPTED OR ERROR-FREE, THAT WE WILL REVIEW YOUR DATA FOR ACCURACY OR THAT WE WILL PRESERVE OR MAINTAIN YOUR DATA WITHOUT LOSS. YOU UNDERSTAND THAT USE OF THE PRODUCTS NECESSARILY INVOLVES TRANSMISSION OF YOUR DATA OVER NETWORKS THAT WE DO NOT OWN, OPERATE OR CONTROL, AND WE ARE NOT RESPONSIBLE FOR ANY OF YOUR DATA LOST, ALTERED, INTERCEPTED OR STORED ACROSS SUCH NETWORKS. WE CANNOT GUARANTEE THAT OUR SECURITY PROCEDURES WILL BE ERROR-FREE, THAT TRANSMISSIONS OF YOUR DATA WILL ALWAYS BE SECURE OR THAT UNAUTHORIZED THIRD PARTIES WILL NEVER BE ABLE TO DEFEAT OUR SECURITY MEASURES OR THOSE OF OUR THIRD PARTY SERVICE PROVIDERS. WE WILL NOT BE LIABLE FOR DELAYS, INTERRUPTIONS, SERVICE FAILURES OR OTHER PROBLEMS INHERENT IN USE OF THE INTERNET AND ELECTRONIC COMMUNICATIONS OR OTHER SYSTEMS OUTSIDE OUR REASONABLE CONTROL. YOU MAY HAVE OTHER STATUTORY RIGHTS, BUT THE DURATION OF STATUTORILY REQUIRED WARRANTIES, IF ANY, WILL BE LIMITED TO THE SHORTEST PERIOD PERMITTED BY LAW.19. Limitation of Liability.19.1.
Consequential Damages Waiver. EXCEPT FOR EXCLUDED CLAIMS (AS DEFINED BELOW), NEITHER PARTY (NOR ITS SUPPLIERS) WILL HAVE ANY LIABILITY ARISING OUT OF OR RELATED TO THESE TERMS FOR ANY LOSS OF USE, LOST OR INACCURATE DATA, LOST PROFITS, FAILURE OF SECURITY MECHANISMS, INTERRUPTION OF BUSINESS, COSTS OF DELAY, OR ANY INDIRECT, SPECIAL, INCIDENTAL, RELIANCE OR CONSEQUENTIAL DAMAGES OF ANY KIND, EVEN IF INFORMED OF THE POSSIBILITY OF SUCH DAMAGES IN ADVANCE. 19.2.
Liability Cap. EXCEPT FOR EXCLUDED CLAIMS, EACH PARTY’S AND ITS SUPPLIERS’ AGGREGATE LIABILITY TO THE OTHER ARISING OUT OF OR RELATED TO THESE TERMS WILL NOT EXCEED THE AMOUNT ACTUALLY PAID OR PAYABLE BY YOU TO US UNDER THESE TERMS IN THE TWELVE (12) MONTHS IMMEDIATELY PRECEDING THE CLAIM.19.3.
Excluded Claims. “Excluded Claims”
means (1) amounts owed by you under any Orders, (2) either party’s express indemnification obligations in these Terms, and (3) your breach of Section 3.3 (Restrictions) or of Section 2 (Combining the Products with Open Source Software) of Third Party Code in Subbr.group Products.19.4.
Nature of Claims and Failure of Essential Purpose. The parties agree that the waivers and limitations specified in this Section 19 apply regardless of the form of action, whether in contract, tort (including negligence), strict liability or otherwise and will survive and apply even if any limited remedy specified in these Terms is found to have failed of its essential purpose.20. IP Indemnification.
We will defend you against any claim brought against you by a third party alleging that the Products, when used as authorized under these Terms, infringe a patent right granted in the United States, Australia or a member nation of the European Union or a copyright registered in such a jurisdiction (a “Claim”
), and we will indemnify you and hold you harmless against any damages and costs finally awarded on the Claim by a court of competent jurisdiction or agreed to via settlement executed by us (including reasonable attorneys’ fees), provided that we have received from you: (a) prompt written notice of the Claim (but in any event notice in sufficient time for us to respond without prejudice); (b) reasonable assistance in the defense and investigation of the Claim, including providing us a copy of the Claim, all relevant evidence in your possession, custody, or control, and cooperation with evidentiary discovery, litigation, and trial, including making witnesses within your employ or control available for testimony; and (c) the exclusive right to control and direct the investigation, defense, and settlement (if applicable) of the Claim. If your use of the Products is (or in your opinion is likely to be) enjoined, whether by court order or by settlement, or if we determine such actions are reasonably necessary to avoid material liability, we may, at our option and in our discretion: (i) procure the right for your continued use of the Product in accordance with these Terms; (ii) substitute a substantially functionally similar Product; or (iii) terminate your right to continue using the Product and refund any prepaid amounts for the terminated portion of the Subscription Term. Our indemnification obligations above do not apply: (1) if the total aggregate fees we receive with respect to your subscription to a Product in the twelve (12) month period immediately preceding the Claim is less than US$50,000; (2) if the Product is modified by any party other than us, but solely to the extent the alleged infringement is caused by such modification; (3) if the Product is used in combination with any non-Subbr.group product, software, service or equipment, but solely to the extent the alleged infringement is caused by such combination; (4) to unauthorized use of Products; (5) to any Claim arising as a result of (y) Your Data or circumstances covered by your indemnification obligations in Section 5.4 (Your Indemnity) or (z) any third-party deliverables or components contained with the Products or (6) if you settle or make any admissions with respect to a Claim without our prior written consent. THIS SECTION 20 (IP INDEMNIFICATION) STATES OUR SOLE LIABILITY AND YOUR EXCLUSIVE REMEDY FOR ANY INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS IN CONNECTION WITH ANY PRODUCT OR OTHER ITEMS WE PROVIDE UNDER THESE TERMS.21. Publicity Rights.
We may identify you as an Subbr.group customer in our promotional materials. We will promptly stop doing so upon your request sent to firstname.lastname@example.org
. 22. Dispute Resolution. 22.1.
Informal Resolution. In the event of any controversy or claim arising out of or relating to these Terms, the parties will consult and negotiate with each other and, recognizing their mutual interests, attempt to reach a solution satisfactory to both parties. If the parties do not reach settlement within a period of sixty (60) days, either party may pursue relief as may be available under these Terms pursuant to Section 22.2 (Governing Law; Jurisdiction). All negotiations pursuant to this Section 22.1 will be confidential and treated as compromise and settlement negotiations for purposes of all rules and codes of evidence of applicable legislation and jurisdictions.22.2.
Governing Law; Jurisdiction. These Terms will be governed by and construed in accordance with the applicable laws of the State of California, USA, without giving effect to the principles of that State relating to conflicts of laws. Each party irrevocably agrees that any legal action, suit or proceeding arising out of or related to these Terms must be brought solely and exclusively in, and will be subject to the service of process and other applicable procedural rules of, the State or Federal court in San Francisco, California, USA, and each party irrevocably submits to the sole and exclusive personal jurisdiction of the courts in San Francisco, California, USA, generally and unconditionally, with respect to any action, suit or proceeding brought by it or against it by the other party. In any action or proceeding to enforce a party’s rights under these Terms, the prevailing party will be entitled to recover its reasonable costs and attorneys’ fees.22.3.
Injunctive Relief; Enforcement. Notwithstanding the provisions of Section 22.1 (Informal Resolution) and 22.2 (Governing Law; Jurisdiction), nothing in these Terms will prevent us from seeking injunctive relief with respect to a violation of intellectual property rights, confidentiality obligations or enforcement or recognition of any award or order in any appropriate jurisdiction.22.4.
Exclusion of UN Convention and UCITA. The terms of the United Nations Convention on Contracts for the Sale of Goods do not apply to these Terms. The Uniform Computer Information Transactions Act (UCITA) will not apply to these Terms regardless of when or where adopted.23. Export Restrictions.
The Products are subject to export restrictions by the United States government and may be subject to import restrictions by certain foreign governments, and you agree to comply with all applicable export and import laws and regulations in your access to, use of, and download of the Products (or any part thereof). You shall not (and shall not allow any third-party to) remove or export from the United States or allow the export or re-export of any part of the Products or any direct product thereof: (a) into (or to a national or resident of) any embargoed or terrorist-supporting country; (b) to anyone on the U.S. Commerce Department’s Denied Persons, Entity, or Unverified Lists or the U.S. Treasury Department’s list of Specially Designated Nationals and Consolidated Sanctions list (collectively, “Prohibited Persons”
); (c) to any country to which such export or re-export is restricted or prohibited, or as to which the United States government or any agency thereof requires an export license or other governmental approval at the time of export or re-export without first obtaining such license or approval; or (d) otherwise in violation of any export or import restrictions, laws or regulations of any United States or foreign agency or authority. You represent and warrant that (i) you are not located in, under the control of, or a national or resident of any such prohibited country and (ii) none of Your Data is controlled under the U.S. International Traffic in Arms Regulations or similar Laws in other jurisdictions. You also certify that you are not a Prohibited Person nor owned, controlled by, or acting on behalf of a Prohibited Person. You agree not to use or provide the Products for any prohibited end use, including to support any nuclear, chemical, or biological weapons proliferation, or missile technology, without the prior permission of the United States government.24. Changes to these Terms.
We may modify the terms and conditions of these Terms (including Our Policies) from time to time, with notice to you in accordance with Section 26.1 (Notices) or by posting the modified Terms on our website. Together with notice, we will specify the effective date of the modifications.24.1.
You must accept the modifications to continue using the No-Charge Products. If you object to the modifications, your exclusive remedy is to cease using the No-Charge Products.24.2.
Paid Subscriptions. Except as otherwise indicated below, modifications to these Terms will take effect at the next renewal of your Subscription Term and will automatically apply as of the renewal date unless you elect not to renew pursuant to Section 9.2 (Renewals). Notwithstanding the foregoing, in some cases (e.g., to address compliance with Laws, or as necessary for new features) we may specify that such modifications become effective during your then-current Subscription Term. If the effective date of such modifications is during your then-current Subscription Term and you object to the modifications, then (as your exclusive remedy) you may terminate your affected Orders upon notice to us, and we will refund you any fees you have pre-paid for use of the affected Products for the terminated portion of the applicable Subscription Term. To exercise this right, you must provide us with notice of your objection and termination within thirty (30) days of us providing notice of the modifications. For the avoidance of doubt, any Order is subject to the version of these Terms in effect at the time of the Order.24.3.
Our Policies. We may modify Our Policies to take effect during your then-current Subscription Term in order to respond to changes in our products, our business, or Laws. In this case, unless required by Laws, we agree not to make modifications to Our Policies that, considered as a whole, would substantially diminish our obligations during your then-current Subscription Term. Modifications to Our Policies will take effect automatically as of the effective date specified for the updated policies.25. Changes to the Products.
You acknowledge that the Products are on-line, subscription-based products, and that in order to provide improved customer experience we may make changes to the Products, and we may update the applicable Documentation accordingly. Subject to our obligation to provide Products and Additional Services under existing Orders, we can discontinue any Products, any Additional Services, or any portion or feature of any Products for any reason at any time without liability to you.26. General Provisions.26.1.
Notices. Any notice under these Terms must be given in writing. We may provide notice to you through your Notification Email Address, your account or in-product notifications. You agree that any electronic communication will satisfy any applicable legal communication requirements, including that such communications be in writing. Any notice to you will be deemed given upon the first business day after we send it. You will provide notice to us by post to Subbr.group Pty Ltd, c/o Subbr.group, Inc., 350 Bush Street, Floor 13, San Francisco, CA, USA 94104, Attn: General Counsel. Your notices to us will be deemed given upon receipt.26.2.
Force Majeure. Neither party will be liable to the other for any delay or failure to perform any obligation under these Terms (except for a failure to pay fees) if the delay or failure is due to events which are beyond the reasonable control of such party, such as a strike, blockade, war, act of terrorism, riot, natural disaster, failure or diminishment of power or telecommunications or data networks or services, or refusal of a license by a government agency.26.3.
Assignment. You may not assign or transfer these Terms without our prior written consent. As an exception to the foregoing, you may assign these Terms in their entirety (including all Orders) to your successor resulting from a merger, acquisition, or sale of all or substantially all of your assets or voting securities, provided that you provide us with prompt written notice of the assignment and the assignee agrees in writing to assume all of your obligations under these Terms. Any attempt by you to transfer or assign these Terms except as expressly authorized above will be null and void. We may assign our rights and obligations under these Terms (in whole or in part) without your consent. We may also permit our Affiliates, agents and contractors to exercise our rights or perform our obligations under these Terms, in which case we will remain responsible for their compliance with these Terms. Subject to the foregoing, these Terms will inure to the parties’ permitted successors and assigns.26.4.
Government End Users. Any United States federal, state, or local government customers are subject to the Government Amendment in addition to these Terms.26.5.
Entire Agreement. These Terms are the entire agreement between you and us relating to the Products and any other subject matter covered by these Terms, and supersede all prior or contemporaneous oral or written communications, proposals and representations between you and us with respect to the Products or any other subject matter covered by these Terms. No provision of any purchase order or other business form employed by you will supersede or supplement the terms and conditions of these Terms, and any such document relating to these Terms will be for administrative purposes only and will have no legal effect.26.6.
Conflicts. In event of any conflict between the main body of these Terms and either Our Policies or Product-Specific Terms, Our Policies or Product-Specific Terms (as applicable) will control with respect to their subject matter.26.7.
Waivers; Modifications. No failure or delay by the injured party to these Terms in exercising any right, power or privilege hereunder will operate as a waiver thereof, nor will any single or partial exercise thereof preclude any other or further exercise thereof or the exercise of any right, power or privilege hereunder at law or equity. Except as set forth in Section 24 (Changes to these Terms), any amendments or modifications to these Terms must be executed in writing by an authorized representative of each party.26.8.
Interpretation. As used herein, “including” (and its variants) means “including without limitation” (and its variants). Headings are for convenience only. If any provision of these Terms is held to be void, invalid, unenforceable or illegal, the other provisions will continue in full force and effect.26.9.
Independent Contractors. The parties are independent contractors. These Terms will not be construed as constituting either party as a partner of the other or to create any other form of legal association that would give either party the express or implied right, power or authority to create any duty or obligation of the other party.27. Definitions.
Certain capitalized terms are defined in this Section 27, and others are defined contextually in these Terms.“Additional Services”
means Technical Account Manager (TAM) services, premier or priority support or other services related to the Products we provide to you, as identified in an Order. For the avoidance of doubt, Additional Services do not include the standard level of support included in your subscription.“Administrators”
mean the personnel designated by you who administer the Products to End Users on your behalf.“Affiliate”
means an entity which, directly or indirectly, owns or controls, is owned or is controlled by or is under common ownership or control with a party, where “control” means the power to direct the management or affairs of an entity, and “ownership” means the beneficial ownership of greater than 50% of the voting equity securities or other equivalent voting interests of the entity.“Products”
means our hosted or cloud-based solutions (currently designated as “Cloud” deployments), including any client software we provide as part of the Products.“Documentation”
means our standard published documentation for the Products.“End User”
means an individual you or an Affiliate permits or invites to use the Products. For the avoidance of doubt: (a) individuals invited by your End Users, (b) individuals under managed accounts, and (c) individuals interacting with a Product as your customer are also considered End Users.“End User Account”
means an account established by you or an End User to enable the End User to use or access a Product.“Feedback”
means comments, questions, ideas, suggestions or other feedback relating to the Products, Support or Additional Services.“HIPAA”
means the Health Insurance Portability and Accountability Act, as amended and supplemented.“Laws”
means all applicable local, state, federal and international laws, regulations and conventions, including those related to data privacy and data transfer, international communications and the exportation of technical or personal data.“Notification Email Address”
means the email address(es) you used to register for a Product account or otherwise sign up for a Product. It is your responsibility to keep your email address(es) valid and current so that we are able to send notices, statements, and other information to you.“Order”
means Subbr.group’s applicable online order page(s), flows, in-product screens or other Subbr.group-approved ordering document or process describing the products and services you are ordering from us and, as applicable, their permitted scope of use. As applicable, the Order will identify: (i) the Products, (ii) the number of End Users, Subscription Term, domain(s) associated with your use of Products, storage capacity or limits, or other scope of use parameters and (iii) (for paid Orders) the amount or rate you will be charged, the billing and renewal terms, applicable currency, and form of payment. Orders may also include Additional Services and No-Charge Products.“Our Deliverables”
means any materials, deliverables, modifications, derivative works or developments that we provide in connection with any Additional Services. “Our Technology”
means the Products (including all No-Charge Products), Our Deliverables, their “look and feel”, any and all related or underlying technology and any modifications or derivative works of the foregoing, including as they may incorporate Feedback.“PCI DSS”
means the Payment Card Industry Data Security Standards.“PO”
means a purchase order.“Product-Specific Terms”
means additional terms that apply to certain Products and Additional Services.“Sensitive Data”
means any (i) categories of data enumerated in European Union Regulation 2016/679, Article 9(1) or any successor legislation; (ii) patient, medical or other protected health information regulated by HIPAA; (iii) credit, debit or other payment card data subject to PCI DSS; (iv) other information subject to regulation or protection under specific laws such as the Gramm-Leach-Bliley Act (or related rules or regulations); (v) social security numbers, driver’s license numbers or other government ID numbers; or (vi) any data similar to the foregoing that is protected under foreign or domestic laws or regulations.“Subscription Term”
means your permitted subscription period for a Product, as set forth in the applicable Order.“Support”
means support for the Products.“Training”
means subbr.group-provided training and certification services.“Your Data”
means any data, content, code, video, images or other materials of any type that you (including any of your End Users) submit to Products. In this context, “submit” (and any similar term) includes submitting, uploading, transmitting or otherwise making available Your Data to or through the Products.“Your Materials”
means your materials, systems, personnel or other resources.
Cookies & Tracking Notice
. Where we provide the Services under contract with an organization (for example your employer) that organization controls the information processed by the Services. For more information, please see Notice to End Users below. What information we collect about youWe collect information about you when you provide it to us, when you use our Services, and when other sources provide it to us, as further described below. Information you provide to us
We collect information about you when you input it into the Services or otherwise provide it directly to us. Account and Profile Information:
We collect information about you when you register for an account, create or modify your profile, set preferences, sign-up for or make purchases through the Services. For example, you provide your contact information and, in some cases, billing information when you register for the Services. You also have the option of adding a display name, profile photo, job title, and other details to your profile information to be displayed in our Services. We keep track of your preferences when you select settings within the Services.Content you provide through our products:
The Services include the Subbr.group products you use, where we collect and store content that you post, send, receive and share. This content includes any information about you that you may choose to include. Examples of content we collect and store include: the summary and description added to a JIRA issue, the pages you create in Confluence, the messages you exchange in Stride, your repositories and pull requests in Bitbucket, comments you enter in connection with an incident in Statuspage, and any feedback you provide to us. Content also includes the files and links you upload to the Services. If you use a server or data center version of the Services, we do not host, store, transmit, receive or collect information about you (including your content), except in limited cases, where permitted by your administrator: we collect feedback you provide directly to us through the product and; we collect content using analytics techniques that hash, filter or otherwise scrub the information to exclude information that might identify you or your organization; and we collect clickstream data about how you interact with and use features in the Services. Server and data center administrators can disable our collection of this information from the Services via the administrator settings or prevent this information from being shared with us by blocking transmission at the local network level. Content you provide through our websites:
The Services also include our websites owned or operated by us. We collect other content that you submit to these websites, which include social media or social networking websites operated by us. For example, you provide content to us when you provide feedback or when you participate in any interactive features, surveys, contests, promotions, sweepstakes, activities or events. Information you provide through our support channels:
The Services also include our customer support, where you may choose to submit information regarding a problem you are experiencing with a Service. Whether you designate yourself as a technical contact, open a support ticket, speak to one of our representatives directly or otherwise engage with our support team, you will be asked to provide contact information, a summary of the problem you are experiencing, and any other documentation, screenshots or information that would be helpful in resolving the issue.Payment Information:
We collect certain payment and billing information when you register for certain paid Services. For example, we ask you to designate a billing representative, including name and contact information, upon registration. You might also provide payment information, such as payment card details, which we collect via secure payment processing services.Information we collect automatically when you use the Services
We collect information about you when you use our Services, including browsing our websites and taking certain actions within the Services. Your use of the Services
: We keep track of certain information about you when you visit and interact with any of our Services. This information includes the features you use; the links you click on; the type, size and filenames of attachments you upload to the Services; frequently used search terms; and how you interact with others on the Services. We also collect information about the teams and people you work with and how you work with them, like who you collaborate with and communicate with most frequently. If you use a server or data center version of the Services, the information we collect about your use of the Services is limited to clickstream data about how you interact with and use features in the Services, in addition to content-related information described in "Content you provide thorugh our products," above. Server and data center administrators can disable our collection of this information from the Services via the administrator settings or prevent this information from being shared with us by blocking transmission at the local network level. Device and Connection Information
: We collect information about your computer, phone, tablet, or other devices you use to access the Services. This device information includes your connection type and settings when you install, access, update, or use our Services. We also collect information through your device about your operating system, browser type, IP address, URLs of referring/exit pages, device identifiers, and crash data. We use your IP address and/or country preference in order to approximate your location to provide you with a better Service experience. How much of this information we collect depends on the type and settings of the device you use to access the Services. Server and data center Service administrators can disable collection of this information via the administrator settings or prevent this information from being shared with us by blocking transmission at the local network level. Cookies and Other Tracking Technologies
We receive information about you from other Service users, from third-party services, from our related companies, and from our business and channel partners. Other users of the Services
: Other users of our Services may provide information about you when they submit content through the Services. For example, you may be mentioned in a JIRA issue opened by someone else. We also receive your email address from other Service users when they provide it in order to invite you to the Services. Similarly, an administrator may provide your contact information when they designate you as the billing or technical contact on your company's account. Other services you link to your account
: We work with a global network of partners who provide consulting, implementation, training and other services around our products. Some of these partners also help us to market and promote our products, generate leads for us, and resell our products. We receive information from these partners, such as billing information, billing and technical contact information, company name, what Subbr.group products you have purchased or may be interested in, evaluation information you have provided, what events you have attended, and what country you are in. Other Partners
: We receive information about you and your activities on and off the Services from third-party partners, such as advertising and market research partners who provide us with information about your interest in and engagement with, our Services and online advertisements. How we use information we collectHow we use the information we collect depends in part on which Services you use, how you use them, and any preferences you have communicated to us. Below are the specific purposes for which we use the information we collect about you.To provide the Services and personalize your experience
: We use information about you to provide the Services to you, including to process transactions with you, authenticate you when you log in, provide customer support, and operate and maintain the Services. For example, we use the name and picture you provide in your account to identify you to other Service users. Our Services also include tailored features that personalize your experience, enhance your productivity, and improve your ability to collaborate effectively with others by automatically analyzing the activities of your team to provide search results, activity feeds, notifications, connections and recommendations that are most relevant for you and your team. For example, we may use your stated job title and activity to return search results we think are relevant to your job function. We also use information about you to connect you with other team members seeking your subject matter expertise. We may use your email domain to infer your affiliation with a particular organization or industry to personalize the content and experience you receive on our websites. Where you use multiple Services, we combine information about you and your activities to provide an integrated experience, such as to allow you to find information from one Service while searching from another or to present relevant product information as you travel across our websites. For research and development
: We are always looking for ways to make our Services smarter, faster, secure, integrated, and useful to you. We use collective learnings about how people use our Services and feedback provided directly to us to troubleshoot and to identify trends, usage, activity patterns and areas for integration and improvement of the Services. For example, to improve the @mention feature, we automatically analyze recent interactions among users and how often they @mention one another to surface the most relevant connections for users. We automatically analyze and aggregate frequently used search terms to improve the accuracy and relevance of suggested topics that auto-populate when you use the search feature. In some cases, we apply these learnings across our Services to improve and develop similar features or to better integrate the services you use. We also test and analyze certain new features with some users before rolling the feature out to all users. To communicate with you about the Services
: We use your contact information to send transactional communications via email and within the Services, including confirming your purchases, reminding you of subscription expirations, responding to your comments, questions and requests, providing customer support, and sending you technical notices, updates, security alerts, and administrative messages. We send you email notifications when you or others interact with you on the Services, for example, when you are @mentioned on a page or ticket or when a task if assigned to you. We also provide tailored communications based on your activity and interactions with us. For example, certain actions you take in the Services may automatically trigger a feature or third-party app suggestion within the Services that would make that task easier. We also send you communications as you onboard to a particular Service to help you become more proficient in using that Service. These communications are part of the Services and in most cases you cannot opt out of them. If an opt out is available, you will find that option within the communication itself or in your account settings. To market, promote and drive engagement with the Services:
We use your contact information and information about how you use the Services to send promotional communications that may be of specific interest to you, including by email and by displaying Subbr.group ads on other companies' websites and applications, as well as on platforms like Facebook and Google. These communications are aimed at driving engagement and maximizing what you get out of the Services, including information about new features, survey requests, newsletters, and events we think may be of interest to you. We also communicate with you about new product offers, promotions and contests. You can control whether you receive these communications as described below under "Opt-out of communications."Customer support
: We use your information to resolve technical issues you encounter, to respond to your requests for assistance, to analyze crash information, and to repair and improve the Services.For safety and security
: We use information about you and your Service use to verify accounts and activity, to monitor suspicious or fraudulent activity and to identify violations of Service policies. To protect our legitimate business interests and legal rights:
Where required by law or where we believe it is necessary to protect our legal rights, interests and the interests of others, we use information about you in connection with legal claims, compliance, regulatory, and audit functions, and disclosures in connection with the acquisition, merger or sale of a business. With your consent
: We use information about you where you have given us consent to do so for a specific purpose not listed above. For example, we may publish testimonials or featured customer stories to promote the Services, with your permission. Legal bases for processing (for EEA users)
: If you are an individual in the European Economic Area (EEA), we collect and process information about you only where we have legal bases for doing so under applicable EU laws. The legal bases depend on the Services you use and how you use them. This means we collect and use your information only where:We need it to provide you the Services, including to operate the Services, provide customer support and personalized features and to protect the safety and security of the Services;It satisfies a legitimate interest (which is not overridden by your data protection interests), such as for research and development, to market and promote the Services and to protect our legal rights and interests;You give us consent to do so for a specific purpose; orWe need to process your data to comply with a legal obligation.
If you have consented to our use of information about you for a specific purpose, you have the right to change your mind at any time, but this will not affect any processing that has already taken place. Where we are using your information because we or a third party (e.g. your employer) have a legitimate interest to do so, you have the right to object to that use though, in some cases, this may mean no longer using the Services. How we share information we collectWe make collaboration tools, and we want them to work well for you. This means sharing information through the Services and with certain third parties. We share information we collect about you in the ways discussed below, including in connection with possible business transfers, but we are not in the business of selling information about you to advertisers or other third parties.Sharing with other Service users
When you use the Services, we share certain information about you with other Service users.For collaboration
: You can create content, which may contain information about you, and grant permission to others to see, share, edit, copy and download that content based on settings you or your administrator (if applicable) select. Some of the collaboration features of the Services display some or all of your profile information to other Service users when you share or interact with specific content. For example, when you comment on a Confluence page or Jira issue, we display your profile picture and name next to your comments so that other users with access to the page or issue understand who made the comment. When you send a Stride message to another user, the recipient can view any information in your profile card. Similarly, when you publish a Confluence page, your name is displayed as the author of that page, and Service users with permission to view the page can view your profile information as well. Please be aware that some aspects of the Services like Confluence pages or Bitbucket repositories can be made publicly available, meaning any content posted, including information about you, can be publicly viewed and indexed by and returned in search results of search engines. You can confirm whether certain Service properties are publicly visible from within the Services or by contacting the relevant administrator.Managed accounts and administrators
: If you register or access the Services using an email address with a domain that is owned by your employer or organization, and such organization wishes to establish an account or site, certain information about you including your name, profile picture, contact info, content and past use of your account may become accessible to that organization’s administrator and other Service users sharing the same domain. If you are an administrator for a particular site or group of users within the Services, we may share your contact information with current or past Service users, for the purpose of facilitating Service-related requests. Community Forums
: Our websites offer publicly accessible blogs, forums, issue trackers, and/or wikis. You should be aware that any information you provide on these websites - including profile information associated with the account you use to post the information - may be read, collected, and used by any member of the public who accesses these websites. Your posts and certain profile information may remain even after you terminate your account. We urge you to consider the sensitivity of any information you input into these Services. To request removal of your information from publicly accessible websites operated by us, please contact us as provided below. In some cases, we may not be able to remove your information, in which case we will let you know if we are unable to and why.Sharing with third parties
We share information with third parties that help us operate, provide, improve, integrate, customize, support and market our Services.Service Providers
: We work with third-party service providers to provide website and application development, hosting, maintenance, backup, storage, virtual infrastructure, payment processing, analysis and other services for us, which may require them to access or use information about you. If a service provider needs to access information about you to perform services on our behalf, they do so under close instruction from us, including policies and procedures designed to protect your information.Subbr.group Partners
: We work with third parties who provide consulting, sales, and technical services to deliver and implement customer solutions around the Services. We may share your information with these third parties in connection with their services, such as to assist with billing and collections, to provide localized support, and to provide customizations. We may also share information with these third parties where you have agreed to that sharing.Third Party Apps
: The Services may include links that direct you to other websites or services whose privacy practices may differ from ours. Your use of and any information you submit to any of those third-party sites is governed by their privacy policies, not this one. Third-Party Widgets
: We share information about you with third parties when you give us consent to do so. For example, we often display personal testimonials of satisfied customers on our public websites. With your consent, we may post your name alongside the testimonial. Compliance with Enforcement Requests and Applicable Laws; Enforcement of Our Rights
: In exceptional circumstances, we may share information about you with a third party if we believe that sharing is reasonably necessary to (a) comply with any applicable law, regulation, legal process or governmental request, including to meet national security requirements, (b) enforce our agreements, policies and terms of service, (c) protect the security or integrity of our products and services, (d) protect Subbr.group, our customers or the public from harm or illegal activities, or (e) respond to an emergency which we believe in good faith requires us to disclose information to assist in preventing the death or serious bodily injury of any person. Sharing with affiliated companies
We use industry standard technical and organizational measures to secure the information we store. While we implement safeguards designed to protect your information, no security system is impenetrable and due to the inherent nature of the Internet, we cannot guarantee that data, during transmission through the Internet or while stored on our systems or otherwise in our care, is absolutely safe from intrusion by others.If you use our server or data center Services, responsibility for securing storage and access to the information you put into the Services rests with you and not Subbr.group . We strongly recommend that server or data center users configure SSL to prevent interception of data transmitted over networks and to restrict access to the databases and other storage points used.How long we keep information
How long we keep information we collect about you depends on the type of information, as described in further detail below. After such time, we will either delete or anonymize your information or, if this is not possible (for example, because the information has been stored in backup archives), then we will securely store your information and isolate it from any further use until deletion is possible. Account information
: We retain your account information for as long as your account is active and a reasonable period thereafter in case you decide to re-activate the Services. We also retain some of your information as necessary to comply with our legal obligations, to resolve disputes, to enforce our agreements, to support business operations, and to continue to develop and improve our Services. Where we retain information for Service improvement and development, we take steps to eliminate information that directly identifies you, and we only use the information to uncover collective insights about the use of our Services, not to specifically analyze personal characteristics about you. Information you share on the Services
: If your account is deactivated or disabled, some of your information and the content you have provided will remain in order to allow your team members or other users to make full use of the Services. For example, we continue to display messages you sent to the users that received them and continue to display content you provided. Managed accounts
: If the Services are made available to you through an organization (e.g., your employer), we retain your information as long as required by the administrator of your account. For more information, see "Managed accounts and administrators" above.Marketing information
: If you have elected to receive marketing emails from us, we retain information about your marketing preferences for a reasonable period of time from the date you last expressed interest in our Services, such as when you last opened an email from us or ceased using your Subbr.group account. We retain information derived from cookies and other tracking technologies for a reasonable period of time from the date such information was created. How to access and control your informationYou have certain choices available to you when it comes to your information. Below is a summary of those choices, how to exercise them and any limitations.Your Choices
: You have the right to request a copy of your information, to object to our use of your information (including for marketing purposes), to request the deletion or restriction of your information, or to request your information in a structured, electronic format. Below, we describe the tools and processes for making these requests. You can exercise some of the choices by logging into the Services and using settings available within the Services or your account. Where the Services are administered for you by an administrator (see "Notice to End Users" below), you may need to contact your administrator to assist with your requests first. For all other requests, you may contact us as provided in the Contact Us section below to request assistance.Your request and choices may be limited in certain cases: for example, if fulfilling your request would reveal information about another person, or if you ask to delete information which we or your administrator are permitted by law or have compelling legitimate interests to keep. Where you have asked us to share data with third parties, for example, by installing third-party apps, you will need to contact those third-party service providers directly to have your information deleted or otherwise restricted. If you have unresolved concerns, you may have the right to complain to a data protection authority in the country where you live, where you work or where you feel your rights were infringed.Access and update your information
: Our Services and related documentation give you the ability to access and update certain information about you from within the Service. For example, you can access your profile information from your account and search for content containing information about you using key word searches in the Service. You can update your profile information within your profile settings and modify content that contains information about you using the editing tools associated with that content.Deactivate your account
: If you no longer wish to use our Services, you or your administrator may be able to deactivate your Services account. If you can deactivate your own account, that setting is available to you in your account settings. Otherwise, please contact your administrator.
If you are an administrator and are unable to deactivate an account through your administrator settings, please contact Subbr.group support
. Please be aware that deactivating your account does not delete your information; your information remains visible to other Service users based on your past participation within the Services. For more information on how to delete your information, see below. Delete your information
: Our Services and related documentation give you the ability to delete certain information about you from within the Service. For example, you can remove content that contains information about you using the key word search and editing tools associated with that content, and you can remove certain profile information within your profile settings. Please note, however, that we may need to retain certain information for record keeping purposes, to complete transactions or to comply with our legal obligations. Request that we stop using your information
: In some cases, you may ask us to stop accessing, storing, using and otherwise processing your information where you believe we don't have the appropriate rights to do so. For example, if you believe a Services account was created for you without your permission or you are no longer an active user, you can request that we delete your account as provided in this policy. Where you gave us consent to use your information for a limited purpose, you can contact us to withdraw that consent, but this will not affect any processing that has already taken place at the time. You can also opt-out of our use of your information for marketing purposes by contacting us, as provided below. When you make such requests, we may need time to investigate and facilitate your request. If there is delay or dispute as to whether we have the right to continue using your information, we will restrict any further use of your information until the request is honored or the dispute is resolved, provided your administrator does not object (where applicable). If you object to information about you being shared with a third-party app, please disable the app or contact your administrator to do so.Opt out of communications
: You may opt out of receiving promotional communications from us by using the unsubscribe link within each email, updating your email preferences within your Service account settings menu, or by contacting us as provided below to have your contact information removed from our promotional email list or registration database. Even after you opt out from receiving promotional messages from us, you will continue to receive transactional messages from us regarding our Services. You can opt out of some notification messages in your account settings. You may be able to opt out of receiving personalized advertisements from other companies who are members of the Network Advertising Initiative or who subscribe to the Digital Advertising Alliance's Self-Regulatory Principles for Online Behavioral Advertising. Turn off Cookie Controls
: Relevant browser-based cookie controls are described in our Cookies & Tracking Notice.Send "Do Not Track" Signals
: Some browsers have incorporated "Do Not Track" (DNT) features that can send a signal to the websites you visit indicating you do not wish to be tracked. Because there is not yet a common understanding of how to interpret the DNT signal, our Services do not currently respond to browser DNT signals. You can use the range of other tools we provide to control data collection and use, including the ability to opt out of receiving marketing from us as described above.Data portability
: Data portability is the ability to obtain some of your information in a format you can move from one service provider to another (for instance, when you transfer your mobile phone number to another carrier). Depending on the context, this applies to some of your information, but not to all of your information. Should you request it, we will provide you with an electronic file of your basic account information and the information you create on the spaces you under your sole control, like your personal Bitbucket repository. How we transfer information we collect internationallyInternational transfers of information we collect
We collect information globally and may transfer, process and store your information outside of your country of residence, to wherever we or our third-party service providers operate for the purpose of providing you the Services. Whenever we transfer your information, we take steps to protect it. International transfers to third parties
Many of our products are intended for use by organizations. Where the Services are made available to you through an organization (e.g. your employer), that organization is the administrator of the Services and is responsible for the accounts and/or Service sites over which it has control. If this is the case, please direct your data privacy questions to your administrator, as your use of the Services is subject to that organization's policies. We are not responsible for the privacy or security practices of an administrator's organization, which may be different than this policy. Administrators are able to:require you to reset your account password;restrict, suspend or terminate your access to the Services;access information in and about your account;access or retain information stored as part of your account;install or uninstall third-party apps or other integrations
In some cases, administrators can also:restrict, suspend or terminate your account access;change the email address associated with your account;change your information, including profile information;restrict your ability to edit, restrict, modify or delete information
Even if the Services are not currently administered to you by an organization, if you use an email address provided by an organization (such as your work email address) to access the Services, then the owner of the domain associated with your email address (e.g. your employer) may assert administrative control over your account and use of the Services at a later date. You will be notified if this happens. If you do not want an administrator to be able to assert control over your account or use of the Services, use your personal email address to register for or access the Services. If an administrator has not already asserted control over your account or access to the Services, you can update the email address associated with your account through your account settings in your profile. Once an administrator asserts control over your account or use of the Services, you will no longer be able to change the email address associated with your account without administrator approval.Please contact your organization or refer to your administrator’s organizational policies for more information.Our policy towards children
Your information is controlled by Subbr.group AG. If you have questions or concerns about how your information is handled, please direct your inquiry to Subbr.group AG, which we have appointed to be responsible for facilitating such inquiries.