Welcome to the https://www.warebuy.com/partner site. WareBuy provides this site to you subject to the following conditions. By visiting the https://www.warebuy.com/partner site (the “Site”), you accept these conditions. Please read them carefully.
These ‘Terms and Conditions’ constitute an electronic record within the meaning of the applicable law. This electronic record is generated by a computer system and does not require any physical or digital-signatures.
TERMS AND CONDITIONS
To begin the enrollment process, you must complete the registration process as provider of one or more of the Services. Use of the Services is limited to parties that can lawfully enter into and form contracts under applicable Law (for example, the Elected Country may not allow minors to use the Services). As part of the application, you must provide us with your business' legal name, address, phone number and e-mail address. We may at any time cease providing any or all of the Services at our sole discretion and without notice.
2. Term and Termination.
The term of this Agreement will start on the date of your completed registration for or use of a Service, whichever occurs first, and continue until terminated by us or you as provided in this Agreement (the "Term"). We may terminate or suspend this Agreement or any Service for any reason at any time by giving notice to you. You may terminate this Agreement or any Service for any reason at any time by the means then specified by WareBuy. Termination or suspension of a Service will not terminate or suspend any other Service unless explicitly provided. Upon termination, all rights and obligations of the parties under this Agreement will terminate, except that Sections ______ will survive termination. Any terms that expressly survive according to the applicable Service Terms will also survive termination.
3. UNSOLICITED IDEA SUBMISSION POLICY
WAREBUY OR ANY OF ITS EMPLOYEES DO NOT ACCEPT OR CONSIDER UNSOLICITED IDEAS, INCLUDING IDEAS FOR NEW ADVERTISING CAMPAIGNS, NEW PROMOTIONS, NEW PRODUCTS OR TECHNOLOGIES, PROCESSES, MATERIALS, MARKETING PLANS OR NEW PRODUCT NAMES. PLEASE DO NOT SEND ANY ORIGINAL CREATIVE ARTWORK, SAMPLES, DEMOS, OR OTHER WORKS. THE SOLE PURPOSE OF THIS POLICY IS TO AVOID POTENTIAL MISUNDERSTANDINGS OR DISPUTES WHEN WAREBUY'S PRODUCTS OR MARKETING STRATEGIES MIGHT SEEM SIMILAR TO IDEAS SUBMITTED TO WAREBUY. SO, PLEASE DO NOT SEND YOUR UNSOLICITED IDEAS TO WAREBUY OR ANYONE AT WAREBUY. IF, DESPITE OUR REQUEST THAT YOU NOT SEND US YOUR IDEAS AND MATERIALS, YOU STILL SEND THEM, PLEASE UNDERSTAND THAT WAREBUY MAKES NO ASSURANCES THAT YOUR IDEAS AND MATERIALS WILL BE TREATED AS CONFIDENTIAL OR PROPRIETARY.
WareBuy shall have the right, but not the obligation, to monitor the content of www.WareBuy, including communications and forums, to determine compliance with this Agreement and any operating rules established by WareBuy and to satisfy any law, regulation or authorized government request. WareBuy shall have the right in its sole discretion to edit, refuse to post or remove any material submitted to or posted on www.WareBuy. Without limiting the foregoing, WareBuy shall have the right to remove any material that WareBuy, in its sole discretion, finds to be in violation of the provisions hereof or otherwise objectionable.
You release us and agree to indemnify, defend, and hold harmless us, our Affiliates, and our and their respective officers, directors, employees, representatives, and agents against any claim, loss, damage, settlement, cost, expense, or other liability (including, without limitation, attorneys' fees) (each, a "Claim") arising from or related to: (a) your actual or alleged breach of any obligations in this Agreement; (b) any of Your Sales Channels other than WareBuy, Your Products (including offer, sale, performance, and fulfillment), any actual or alleged infringement of any Intellectual Property Rights by any of the foregoing, and any personal injury, death, or property damage related thereto; (c) Your Personnel (including any act or omission of Your Personnel or any Claim brought or directed by Your Personnel); or (d) Your Taxes. You will use counsel reasonably satisfactory to us to defend each indemnified Claim. If at any time we reasonably determine that any indemnified Claim might adversely affect us, we may take control of the defense and you agree to indemnify us against the cost involved. You may not consent to the entry of any judgment or enter into any settlement of a Claim without our prior written consent, which may not be unreasonably withheld.
You represent and warrant to us that: (a) if you are a business, you are duly organized, validly existing and in good standing under the Laws of the country in which your business is registered and that you are registering for the Service(s) within such country; (b) you have all requisite right, power, and authority to enter into this Agreement, perform your obligations, and grant the rights, licenses, and authorizations in this Agreement; (c) any information provided or made available by you or your Affiliates to WareBuy or its Affiliates is at all times accurate and complete; (d) you and your financial institution(s) are not subject to sanctions or otherwise designated on any list of prohibited or restricted parties or owned or controlled by such a party, including but not limited to the lists maintained by the United Nations Security Council, the US Government (e.g., the US Department of Treasury’s Specially Designated Nationals list and Foreign Sanctions Evaders list and the US Department of Commerce’s Entity List), the European Union or its member states, or other applicable government authority; and (e) you and all of your subcontractors, agents, and suppliers will comply with all applicable Laws in your performance of your obligations and exercise of your rights under this Agreement.
7. Disclaimer & General Release.
THE WAREBUY, INCLUDING ALL CONTENT, SOFTWARE, FUNCTIONS, MATERIALS, AND INFORMATION MADE AVAILABLE ON OR PROVIDED IN CONNECTION WITH THE SERVICES, ARE PROVIDED "AS-IS." AS A USER OF THE SERVICES, YOU USE THE WAREBUY AT YOUR OWN RISK. TO THE FULLEST EXTENT PERMISSIBLE BY LAW, WE AND OUR AFFILIATES DISCLAIM: (i) ANY REPRESENTATIONS OR WARRANTIES REGARDING THIS AGREEMENT, THE SERVICES OR THE TRANSACTIONS CONTEMPLATED BY THIS AGREEMENT, INCLUDING ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT; (ii) IMPLIED WARRANTIES ARISING OUT OF COURSE OF DEALING, COURSE OF PERFORMANCE, OR USAGE OF TRADE; AND (iii) ANY OBLIGATION, LIABILITY, RIGHT, CLAIM, OR REMEDY IN TORT, WHETHER OR NOT ARISING FROM OUR NEGLIGENCE. WE DO NOT WARRANT THAT THE FUNCTIONS CONTAINED IN WAREBUY AND THE SERVICES WILL MEET YOUR REQUIREMENTS OR BE AVAILABLE, TIMELY, SECURE, UNINTERRUPTED, OR ERROR FREE, AND WE WILL NOT BE LIABLE FOR ANY SERVICE INTERRUPTIONS, INCLUDING BUT NOT LIMITED TO SYSTEM FAILURES OR OTHER INTERRUPTIONS THAT MAY AFFECT THE RECEIPT, PROCESSING, ACCEPTANCE, COMPLETION, OR SETTLEMENT OF ANY TRANSACTIONS.
8. Limitation of Liability.
WE WILL NOT BE LIABLE (WHETHER IN CONTRACT, WARRANTY, TORT (INCLUDING NEGLIGENCE, PRODUCT LIABILITY, OR OTHER THEORY), OR OTHERWISE) TO YOU OR ANY OTHER PERSON FOR COST OF COVER, RECOVERY, OR RECOUPMENT OF ANY INVESTMENT MADE BY YOU OR YOUR AFFILIATES IN CONNECTION WITH THIS AGREEMENT, OR FOR ANY LOSS OF PROFIT, REVENUE, BUSINESS, OR DATA OR PUNITIVE OR CONSEQUENTIAL DAMAGES ARISING OUT OF OR RELATING TO THIS AGREEMENT, EVEN IF WAREBUY HAS BEEN ADVISED OF THE POSSIBILITY OF THOSE COSTS OR DAMAGES. FURTHER, OUR AGGREGATE LIABILITY ARISING OUT OF OR IN CONNECTION WITH THIS AGREEMENT OR THE TRANSACTIONS CONTEMPLATED WILL NOT EXCEED AT ANY TIME THE TOTAL AMOUNTS PAID BY YOU TO WAREBUY IN CONNECTION WITH THE PARTICULAR TRANSACTION GIVING RISE TO THE CLAIM.
9. Payment Terms.
You agree that WareBuy will act as custodian of the transaction amount. WareBuy will deduct its commission at an agreed rate and release the remainder after the product is delivered as per the client’s satisfaction. For cancellation, refund and return procedures please click here.
10. Tax Matters.
As between the parties, you will be responsible for the collection, reporting, and payment of any and all of Your Taxes, except to the extent that (i) WareBuy automatically calculates, collects, or remits taxes on your behalf according to applicable law; or (ii) WareBuy expressly agrees to receive taxes or other transaction-based charges on your behalf in connection with tax calculation services made available by WareBuy and used by you. All fees and payments payable by you to WareBuy under this Agreement or the applicable Service Terms are exclusive of any applicable taxes, deductions or withholding (including but not limited to cross-border withholding taxes), and you will be responsible for paying WareBuy any of Your Taxes imposed on such fees and any deduction or withholding required on any payment.
During the course of your use of the Services, you may receive information relating to us or to the Services, including but not limited to WareBuy Transaction Information, that is not known to the general public ("Confidential Information"). You agree that: (a) all Confidential Information will remain WareBuy's exclusive property; (b) you will use Confidential Information only as is reasonably necessary for your participation in the Services; (c) you will not otherwise disclose Confidential Information to any other Person; and (d) you will take all reasonable measures to protect the Confidential Information against any use or disclosure that is not expressly permitted in this Agreement. You may not issue any press release or make any public statement related to the Services, or use our name, trademarks, or logo, in any way (including in promotional material) without our advance written permission, or misrepresent or embellish the relationship between us in any way.
12. Force Majeure.
Neither party will be liable for any delay or failure to perform any of our obligations under this Agreement by reasons, events or other matters beyond our reasonable control.
13. Relationship of Parties.
14. Your Products, Services and Relevant Information.
You will provide in the format we require accurate and complete Required Product and Services Information for each product or service that you offer through any WareBuy and promptly update that information as necessary to ensure it at all times remains accurate and complete. You will also ensure that Your Products and/or Services, subsequent sale of any of the same on WareBuy comply with all applicable Laws and do not contain any sexually explicit (except to the extent expressly permitted under governing laws), defamatory or obscene materials. You may not provide any information for, or otherwise seek to offer any Excluded Products on WareBuy; or provide any URL Marks for use, or request that any URL Marks be used, on WareBuy. If you offer a product for sale on WareBuy that requires a warning under any governing and applicable law, you (a) will provide us with such warning in the manner specified by such law, (b) agree that our display of such Warning on a product detail page is confirmation of our receipt of that warning, and (c) will only revise or remove a Warning for a product/service when the prior warning is no longer legally required.
16. Electronic Communications
When you visit the Site or send e-mails to us, you are communicating with us electronically. You consent to receive communications from us electronically. We will communicate with you by e-mail or by posting notices on this Site. You agree that all agreements, notices, disclosures and other communications that we provide to you electronically satisfy any legal requirement that such communications be in writing.
All content included on this Site, such as text, graphics, logos, button icons, images, audio clips, digital downloads, data compilations, and software, is the property of WareBuy or its affiliates or its content suppliers and protected by United States, India and international copyright laws. The compilation of all content on this Site is the exclusive property of WareBuy or its affiliates and protected by United States, India and international copyright laws. All software used on this Site is the property of WareBuy, its affiliates or its software suppliers and protected by United States, India and international copyright laws.
WareBuy, the WareBuy logo and other marks indicated on our Site are trademarks of WareBuy or its affiliates in the United States and other countries. Other WareBuy graphics, logos, page headers, button icons, scripts, videos, infographics and service names are trademarks or trade dress of WareBuy or its affiliates. WareBuy and its affiliates’ trademarks and trade dress may not be used in connection with any product or service that is not WareBuy or its affiliates’ as applicable, in any manner that is likely to cause confusion among users, or in any manner that disparages or discredits WareBuy or its affiliates. All other trademarks not owned by WareBuy or its affiliates that appear on this site are the property of their respective owners, who may or may not be affiliated with, connected to, or sponsored by WareBuy or its affiliates.
19. License and Site Access
WareBuy grants you a limited license to access and make personal use of this Site and not to download (other than page caching) or modify it, or any portion of it, except with express written consent of WareBuy and / or its affiliates, as may be applicable. This license does not include any resale or commercial use of this site or its contents; any derivative use of this site or its contents; or any use of data mining, robots, or similar data gathering and extraction tools. This site or any portion of this site (including but not limited to any copyrighted material, trademarks, or other proprietary information) may not be reproduced, duplicated, copied, sold, resold, visited, or otherwise exploited for any commercial purpose without express written consent of WareBuy and / or its affiliates, as may be applicable. You may not frame or utilize framing techniques to enclose any trademark, logo, or other proprietary information (including images, text, page layout, or form) of WareBuy or its affiliates without their express written consent. You may not use any meta tags or any other “hidden text” utilizing WareBuy's or its affiliates name or trademarks without their express written consent. Any unauthorized use terminates the permission or license granted by WareBuy and / or its affiliates. You are granted a limited, non-assignable, revocable, and non-exclusive right to create a hyperlink to the home page of WareBuy so long as the link does not portray WareBuy, its affiliates, or their products or services in a false, misleading, derogatory, or otherwise offensive matter. You may not use any logo or other proprietary graphic or trademark of WareBuy or its affiliates as part of the link without their express written permission.
20. Your Activity on the WareBuy
WareBuy and its affiliates reserve the right to refuse service, terminate accounts, or remove or edit content in their sole discretion. You must not use the Site in any way that causes, or is likely to cause, the website or access to it to be interrupted, damaged or impaired in any way. You understand that you, and not WareBuy, are responsible for all electronic communications and content sent from your computer to us and you must use the Site for lawful purposes only and only in accordance with the applicable law.
You must not use the Site for any of the following:
for fraudulent purposes, or in connection with a criminal offence or other unlawful activity;
to send, use or reuse any material that is illegal, offensive, (including but not limited to material that is sexually explicit or which promotes racism, bigotry, hatred or physical harm), abusive, harassing, misleading, indecent, defamatory, disparaging, obscene or menacing; or in breach of copyright, trademark, confidentiality, privacy or any other proprietary information or right; or is otherwise injurious to third parties; or objectionable or otherwise unlawful in any manner whatsoever; or which consists of or contains software viruses, political campaigning, commercial solicitation, chain letters, mass mailings or any “spam”; to cause annoyance, inconvenience or needless anxiety;
21. Your License
If you submit material, and unless we indicate otherwise, you grant WareBuy and its affiliates a nonexclusive, royalty-free, irrevocable, perpetual and fully sublicensable right to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, and display such content throughout the world in any media for as long as you are permitted to grant the said licence under applicable law. You grant WareBuy and its affiliates and sublicensees the right to use the name that you submit in connection with such content, if they choose. You represent and warrant that you own or otherwise control all of the rights to the content or material that you post or submit or that you otherwise provide on or through the WareBuy; that the content is accurate; that the content is lawful; that use of the content you supply does not violate this policy and will not cause injury to any person or entity; and that you will indemnify WareBuy and its affiliates for all claims arising from content you supply. WareBuy has the right but not the obligation to monitor and edit or remove any activity or content. WareBuy takes no responsibility and assumes no liability for any content submitted by you or any third party.
22. IPR Complaints
WareBuy and its affiliates respect the intellectual property of others. If you believe that your work has been used in a way that constitutes infringement of your intellectual property, please get in touch with WareBuy at the earliest.
23. Services Description
WareBuy and its affiliates attempt to be as accurate as possible. However, WareBuy does not warrant that descriptions of or other content of this site is accurate, complete, reliable, current, or error-free. Also, your access to WareBuy may also be occasionally suspended or restricted to allow for repairs, maintenance, or the introduction of new facilities or at any time without prior notice. We will attempt to limit the frequency and duration of any such suspension or restriction.
24. Applicable Law
Any dispute relating in any way to your visit to this Site shall be submitted to the appropriate and exclusive jurisdiction of the, state or federal, courts of State of New Jersey.
26. Site Policies, Modification and Severability
If you become a vendor on the WareBuy, your activities will be governed by the WareBuy Terms & Conditions of Use and any other applicable policies or agreements.
Data Processing Addendum
This Data Processing Addendum ("DPA") is incorporated into and forms a part of all Terms and Conditions created for using warebuy.com, Inc. ("WareBuy") and Users that governs user’s access and usage of e-commerce services provided by warebuy.com ("T&Cs"). Except as modified below, the T&Cs shall remain in full force and effect.
- 1.1 In this DPA, the following terms (and derivations thereof) have the meanings set out below:
- 1.1.1 “California Consumer Privacy Act of 2018” or “CCPA” means Assembly Bill 375 of the California House of Representatives, an act to add Title 1.81.5 (commencing with Section 1798.100) to Part 4 of Division 3 of the Civil Code, relating to privacy and approved by the California Governor on June 28, 2018;
- 1.1.2 "Contracted Processor" means WareBuy or a Subprocessor;
- 1.1.3 “User” means customers or vendors or resellers on warebuy.com;
- 1.1.4 “User Content” means any data, file attachments, text, images, reports, personal information, or other content that is uploaded or submitted to the E-commerce service by User and is processed by WareBuy on behalf of User. For the avoidance of doubt, User Content does not include usage, statistical, or technical information that does not reveal the actual contents of the User Content;
- 1.1.5 "Data Protection Laws" means EU Data Protection Laws and, to the extent applicable, the data protection or privacy laws of any other country;
- 1.1.6 “Data Subject” means (i) an identified or identifiable natural person who is in the EEA or whose rights are protected by the GDPR; or (ii) a “Consumer” as the term is defined in the CCPA;
- 1.1.7 “Data Subject Rights” means those rights identified in the GDPR and the CCPA granted to Data Subjects;
- 1.1.8 "EEA" means the European Economic Area;
- 1.1.9 "EU Data Protection Laws" means Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“General Data Protection Regulation” or “GDPR”), as transposed into domestic legislation of each Member State and the laws implementing the GDPR;
- 1.1.10 “Personal Data” means User Content that directly or indirectly identifies or relates to a Data Subject;
- 1.1.11 “Privacy Shield” means the EU-U.S. and Swiss-U.S. Privacy Shield self-certification programs approved by the European Commission (Decision of 12th July 2016) and operated by the U.S. Department of Commerce;
- 1.1.12 "Services" means professional services, the E-commerce service, and any other internet-delivered service or application provided by WareBuy that User uses with the E-commerce service;
- 1.1.13 “Standard Contractual Clauses”, “SCCs”, or “SCC” means the standard contractual clauses for the transfer of personal data from controllers in the EU to data processors established outside the EU or EEA issued by the European Commission under decision 2010/87/EU attached hereto as Annex 2, as amended by Section 3;
- 1.1.14 “E-commerce service” means WareBuy’s e-commerce platform. For the purposes of this DPA, the services and applications offered by our Affiliate companies are not part of the E-commerce service and User is responsible for, if necessary, executing a separate DPA;
- 1.1.15 "Subprocessor" means any person (including any third party but excluding independent contractors of WareBuy subject to Section 4) appointed by or on behalf of WareBuy to Process Personal Data on behalf of User in connection with the T&Cs; and
- 1.1.16 “Supervisory Authority” means either (as applicable): (i) an independent public authority which is established by an EU Member State pursuant to Article 51 of the GDPR; or (ii) the California Attorney General.
- 1.2 The terms, "Commission", "Controller", "Member State", "Personal Data Breach", and "Processing" have the meanings given in the GDPR.
- 1.3 Capitalized terms not defined herein have the meaning given in the T&Cs. The word "include" shall be construed to mean “include without limitation,” and any derivations thereof shall be construed accordingly. All “Section” references shall be to this DPA unless otherwise specified.
- Processing of Personal Data
- 2.1 WareBuy will, and require that Subprocessors, only Process Personal Data pursuant to User's documented instructions as set forth in this DPA and the T&Cs or where required by laws to which the relevant Contracted Processor is subject.
- 2.2 As necessary for the provision of the Services, User instructs WareBuy (and authorizes WareBuy to instruct each Subprocessor) to:
- 2.2.1 Process Personal Data, including but not limited to by disclosing such data to Subprocessors and other third parties;
- 2.2.2 transfer Personal Data to any country or territory subject to Section 3; and
- 2.2.3 engage any Subprocessors subject to Section 6;
- and warrants and represents that it is and will at all relevant times remain duly and effectively authorized to give such instruction.
- 2.3 Annex 1 (Details of Processing) sets out information regarding the Processing of Personal Data as may be required by Data Protection Laws including Article 28(3) of the GDPR. Nothing in Annex 1 confers any right or imposes any obligation on a party to this DPA.
- International Transfers
- 3.1.1 WareBuy will during the Term: (i) maintain its self-certification to the Privacy Shield; and (ii) comply with each of the Privacy Shield principles (including, without limitation, Accountability for Onward Transfer) with respect to the Processing of Personal Data; and
- 3.1 With regard to any transfer of Personal Data from User to WareBuy (or from WareBuy to a third country) that would be prohibited by applicable EU Data Protection Laws in the absence of a lawful data transfer mechanism:
- 3.1.2 if WareBuy ceases to maintain its Privacy Shield self-certification for any reason, the Standard Contractual Clauses, subject to Section 3.2 below, shall go into immediate effect.
- 3.2 The following terms apply only in the event the Standard Contractual Clauses are in effect:
- 3.2.1 the SCCs and this Section 3.2 apply to the legal entity that executed this DPA;
- 3.2.2 this DPA and the T&Cs are User’s complete and final instructions for the Processing of Personal Data. For the purposes of SCC Clause 5(a), the following is deemed an instruction by User to process Personal Data: (i) Processing in accordance with the T&Cs and applicable Orders or SOWs; (ii) Processing initiated by users in their use of the Services; and (iii) Processing to comply with other reasonable instructions provided by User where such instructions are consistent with the terms of the T&Cs;
- 3.2.3 SCC Clause 5(h) is satisfied by the process described in Section 6 of this DPA;
- 3.2.4 WareBuy may remove all commercial information, or terms unrelated to the SCCs, from copies of Sub-processor T&Css it must provide pursuant to SCC Clause 5(j); such copies will be provided by WareBuy (in a manner determined in its discretion) only upon User’s written request;
- 3.2.5 the requirements of SCC Clause 5(f), 11, and 12(2) shall be satisfied by the processes set forth in Sections 6, 10, and 11 of this DPA;
- 3.2.6 WareBuy will provide any certification of deletion required by SCC Clause 12(1) only upon User’s request in accordance with Section 10.4 of this DPA.
- WareBuy Personnel
- Persons authorized by WareBuy to process Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
- 5. Security
- 5.1 WareBuy will implement and maintain each of the technical and organizational measures described in the WareBuy Documentation and the T&Cs (“TOM”).
- 5.2 Acknowledging that User (and not WareBuy): (i) controls the nature and contents of User Content (including any Personal Data therein); and (ii) acts as its own system administrator and controls user access to User Content (including any Personal Data therein), User represents and warrants that on the date of this DPA and during the Term:
- 5.2.1 with respect to Personal Data, the TOM meet the requirements set out in Data Protection Laws applicable to User’s use of the Services;
- 5.2.2 Personal Data has been and will be collected and Processed by User in accordance with applicable Data Protection Laws;
- 5.2.3 the Processing of Personal Data in accordance with this DPA by WareBuy will not violate applicable Data Protection Laws; and
- 5.2.4 User will take all steps necessary to ensure it achieves the foregoing, including without limitation, by providing Data Subjects with appropriate privacy notices, obtaining any required consent, and ensuring that there is a lawful basis for Contracted Processors to Process Personal Data.
- 5.3 User will indemnify and hold harmless the Contracted Processors against all losses, fines, and regulatory sanctions arising from any claim by a third party (including any Supervisory Authority) arising out of User’s negligence, wilful misconduct, and bad faith in connection with any breach of Section 5.2 by User.
- 6.1 User authorizes WareBuy to appoint Subprocessors (and permits each Subprocessor to appoint additional Subprocessors) in accordance with this Section 6.
- 6.2 WareBuy carries out appropriate due diligence on each Subprocessor and the arrangement between WareBuy and each Subprocessor is governed by a written contract which: (i) includes terms substantially equivalent to those set out in this DPA; and (ii) meet the requirements of Article 28(3) of the GDPR and Section 1798.140(v) and (w) of the CCPA. WareBuy is responsible for its Subprocessor's acts and omissions in relation to WareBuy's obligations under this DPA.
- Data Subject Rights
- 7.1 User is responsible for responding to Data Subject requests using its own access to the relevant Personal Data. At User’s request, WareBuy will provide reasonable assistance to User, to the extent User is unable to access the relevant Personal Data after diligent reasonable efforts. Taking into account the nature of the Processing, and solely to the extent User cannot access Personal Data itself, WareBuy shall assist User by implementing appropriate technical and organizational measures, insofar as this is reasonably possible, for the fulfilment of User’s obligations, as reasonably understood by User, to respond to requests to exercise Data Subject rights under the GDPR and the CCPA. To the extent legally permitted, User shall be responsible for any costs arising from WareBuy’s provision of such assistance.
- 7.2 WareBuy will without undue delay notify User if WareBuy receives a request directly from a Data Subject under Data Protection Laws in respect of Personal Data. WareBuy will not respond to such request except on the documented instructions of User or as required by applicable law.
- Personal Data Breach
- WareBuy’s obligations
- 8.1 Notification to User. WareBuy will notify User without undue delay upon WareBuy becoming aware of a Personal Data Breach affecting Personal Data. WareBuy’s notification of or response to a Personal Data Breach under this Section 8 will not be construed as an acknowledgement by WareBuy of any fault or liability with respect to the Personal Data Breach.
- 8.2 Provision of information for downstream notification. WareBuy will make commercially reasonable efforts, in accordance with its security incident management policies and procedures, to identify the cause of such Personal Data Breach, and provide User with sufficient information to allow User to meet its obligations under the GDPR and CCPA to report or inform Data Subjects of the Personal Data Breach.
- 8.3 Cooperation with User’s instructions. At User’s sole expense and to the extent User cannot itself access the information necessary to comply with its additional obligations under applicable Data Protection Laws, WareBuy shall cooperate with User and, if necessary, take such reasonable commercial steps as are directed by User to assist in User’s investigation, mitigation, and remediation of each such Personal Data Breach.
- User’s Obligations
- 8.4 User is solely responsible for complying with incident notification laws applicable to User; and
- 8.5 User is solely responsible for fulfilling any third party notification obligations related to any Personal Data Breach. WareBuy will not assess the contents of Personal Data to identify information subject to any specific legal requirements.
- Data Protection Impact Assessment and Prior Consultation
- At User’s request, WareBuy shall provide reasonable assistance to User with any data protection impact assessments and prior consultations with Supervisory Authorities or other competent data privacy authorities, as required by Article 35 or 36 of the GDPR, and in each case solely in relation to Processing of Personal Data by, and taking into account the nature of the Processing and information available to, the Contracted Processors.
- Return of Personal Data
- 10.1 Subject to Sections 10.2 and 10.3, WareBuy shall without undue delay after, and in any event no later than 180 days of, the date of cessation of any Services involving the Processing of Personal Data (the "Cessation Date"), render unrecoverable or return Personal Data in accordance with WareBuy’s security practices.
- 10.2 User can, at any time during the Term, obtain a zip file backup from the E-commerce service that includes: (i) User’s then-current file attachments in their native file formats; and (ii) all other then-current User Content (including any Personal Data contained therein), in a commonly used format, as reasonably determined by WareBuy. Upon User’s request made prior to the Cessation Date, WareBuy will allow User’s SysAdmin(s) to have read-only access to the E-commerce service for the sole purpose of retrieving such data for 30 days following the Cessation Date. Thereafter, WareBuy has no obligation to retain, and will render unrecoverable, such data in accordance with WareBuy’s security practices.
- 10.3 Each Contracted Processor may retain Personal Data to the extent required by applicable laws and only to the extent and for such period as required by applicable laws.
- 10.4 At User’s reasonable request, WareBuy shall provide written certification to User that it has fully complied with this Section 10 within 180 days of the Cessation Date.
- Audit Rights
- Audit rights at WareBuy’s expense
- 11.1 Audit Reports. WareBuy uses external auditors to verify the adequacy of its security measures and controls for certain Services, including the E-commerce service. The resulting audit will: (i) include testing of the entire measurement period since the previous measurement period ended; (ii) be performed according to AICPA SOC2 standards or such other alternative standards that are substantially equivalent to AICPA SOC2; (iii) be performed by independent third party security professionals at WareBuy's selection and expense; and (iv) result in the generation of a SOC 2 report (“Audit Report”), which will be WareBuy's Confidential Information. The Audit Report will be made available to User upon written request no more than annually subject to the confidentiality obligations of the T&Cs or a mutually-agreed non-disclosure T&Cs covering the Audit Report. For the avoidance of doubt, each Audit Report will only discuss Services in existence at the time the Audit Report was issued; subsequently released Services, if covered by the Audit Report, will be in the next annual iteration of the Audit Report.
- 11.2 Penetration Testing. WareBuy uses external security experts to conduct penetration testing of certain Services, including the E-commerce service. Such testing will: (i) be performed at least annually; (ii) be performed by independent third party security professionals at WareBuy’s selection and expense; and (iii) result in the generation of a penetration test report (“Pen Test Report”), which will be WareBuy’s Confidential Information. Pen Test Reports will be made available to User upon written request no more than annually subject to the confidentiality obligations of the T&Cs or a mutually-agreed non-disclosure T&Cs covering the Pen Test Report.
- Additional audits required by EU Data Protection Law
- 11.3 Subject to Sections 11.4 to 11.6, and always at User’s sole expense, WareBuy will (i) make available to User on request all information necessary to demonstrate compliance with this DPA, and (ii) allow for and contribute to audits, including inspections, by an auditor mandated by User in relation to the Processing of the Personal Data by WareBuy.
- 11.4 Information and audit rights of User only arise under Section 11.3 to the extent: (i) WareBuy Processes Personal Data of Data Subjects located in the EEA on behalf of User; and (ii) this DPA (including Section 11.1), the WareBuy Documentation, and the T&Cs do not otherwise give User information and audit rights meeting the relevant requirements of the GDPR (including, where applicable, Article 28(3)(h) of the GDPR).
- 11.5 User may only mandate an auditor for the purposes of Section 11.3 if the auditor is approved by WareBuy in writing, such approval not to be unreasonably withheld.
- 11.6 User shall give WareBuy reasonable notice of any audit or inspection to be conducted under Section 11.3 and shall make (and ensure that each of its mandated auditors makes) reasonable endeavors to avoid causing any damage, injury, or disruption to the Contracted Processor’s premises, equipment, personnel, and business while its personnel are on those premises in the course of such an audit or inspection. A Contracted Processor need not give access to its premises for the purposes of such an audit or inspection:
- 11.6.1 to any individual unless he or she produces reasonable evidence of identity and authority;
- 11.6.2 outside normal business hours at those premises, unless the audit or inspection needs to be conducted on an emergency basis and User has given notice to WareBuy that this is the case before attendance outside those hours begins; or
- 11.6.3 for the purposes of more than one audit or inspection, in respect of each Contracted Processor, in any calendar year, except for any additional audits or inspections which: (i) User reasonably considers necessary because of genuine concerns as to WareBuy's compliance with this DPA or after a Personal Data Breach; or (ii) User is required to carry out by a Supervisory Authority under the GDPR,
- where User has identified its concerns or the relevant requirement or request in its notice to WareBuy of the audit or inspection.
- California Consumer Privacy Act of 2018
- 12.1 WareBuy is a “Service Provider” as defined in CCPA Section 1798.140(v).
- 12.2 User discloses Personal Data to WareBuy solely for: (i) a valid business purpose; and (ii) WareBuy to perform the Services.
- 12.3 WareBuy is prohibited from: (i) selling Personal Data; (ii) retaining, using, or disclosing Personal Data for a commercial purpose other than providing the Services; and (iii) retaining, using, or disclosing the Personal Data outside of the T&Cs between WareBuy and User.
- 12.4 WareBuy understands the prohibitions outlined in Section 12.3.
- General Terms
- Governing law and jurisdiction
- 13.1 The parties to this DPA hereby submit to the choice of jurisdiction stipulated in the T&Cs with respect to any disputes or claims arising under this DPA, including disputes regarding its existence, validity, or termination or the consequences of its nullity; and
- 13.2 This DPA and all non-contractual or other obligations arising out of or in connection with it are governed by the laws of the country or territory stipulated for this purpose in the T&Cs.
- Order of precedence
- 13.3 Nothing in this DPA reduces WareBuy's obligations under the T&Cs in relation to the protection of Personal Data or permits WareBuy to Process (or permit the Processing of) Personal Data in a manner which is prohibited by the T&Cs.
- 13.4 Subject to Section 13.2, with regard to the subject matter of this DPA, in the event of inconsistencies between the provisions of this DPA and any other T&Css between the parties, including the T&Cs and including (except where explicitly agreed otherwise in writing, signed on behalf of the parties) T&Css entered into or purported to be entered into after the date of this DPA, the provisions of this DPA shall prevail.
- Changes in Data Protection Laws.
- 13.5 If any variation is required to this DPA as a result of a change in Data Protection Law, then either Party may provide written notice to the other Party of that change in law. The Parties will discuss and negotiate in good faith any necessary variations to this DPA to address such changes. If User gives notice under this Section 13.5, the parties shall without undue delay discuss the proposed variations and negotiate in good faith with a view to agreeing and implementing those or alternative variations designed to address the requirements identified in User's notice (to the extent such variations are reasonable with regard to WareBuy’s business operations) as soon as is reasonably practicable.
- 13.6 Should any provision of this DPA be invalid or unenforceable, then the remainder of this DPA shall remain valid and in force. The invalid or unenforceable provision shall be either (i) amended as necessary to ensure its validity and enforceability, while preserving the parties’ intentions as closely as possible or, if this is not possible, (ii) construed in a manner as if the invalid or unenforceable part had never been contained therein.
- 13.7 For the avoidance of doubt, as between the parties to this DPA, each party’s liability and remedies under this DPA are subject to the aggregate liability limitations and damages exclusions set forth in the T&Cs.
ANNEX 1: DETAILS OF PROCESSING OF USER PERSONAL DATA
This Annex 1 includes certain details of the Processing of Personal Data as required by Article 28(3) of the GDPR.
Subject matter and duration of the Processing of Personal Data:
The subject matter and duration of the Processing of Personal Data are set out in the T&Cs and this DPA.
The nature and purpose of the Processing of Personal Data
Processing of Personal Data by WareBuy is reasonably required to facilitate or support the provision of the Services as described under the T&Cs and this DPA.
Type of Personal Data and Categories of Data Subjects:
The types of Personal Data and categories of Data Subject about whom the Personal Data relates are determined and controlled by User in its sole discretion. WareBuy’s Services does not impose any limits on the type of data stored or otherwise processed.
Obligations and Rights of the Controller:
The obligations and rights of User are set out in the T&Cs and this DPA.
ANNEX 2: STANDARD CONTRACTUAL CLAUSES
For the purposes of Article 26(2) of Directive 95/46/EC, or a successor law or regulation including the GDPR, for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection
User (the “data exporter”)
WareBuy Inc. (the “data importer”)
each a “party”; together “the parties”,
HAVE AGREED on the following Contractual Clauses (the Clauses) in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals for the transfer by the data exporter to the data importer of the personal data specified in Appendix 1.
For the purposes of the Clauses:
(a) 'personal data', 'special categories of data', 'process/processing', 'controller', 'processor', 'data subject' and 'supervisory authority' shall have the same meaning as in Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data;
(b) 'the data exporter' means the controller who transfers the personal data;
(c) 'the data importer' means the processor who agrees to receive from the data exporter personal data intended for processing on his behalf after the transfer in accordance with his instructions and the terms of the Clauses and who is not subject to a third country's system ensuring adequate protection within the meaning of Article 25(1) of Directive 95/46/EC;
(d) 'the subprocessor' means any processor engaged by the data importer or by any other subprocessor of the data importer who agrees to receive from the data importer or from any other subprocessor of the data importer personal data exclusively intended for processing activities to be carried out on behalf of the data exporter after the transfer in accordance with his instructions, the terms of the Clauses and the terms of the written subcontract;
(e) 'the applicable data protection law' means the legislation protecting the fundamental rights and freedoms of individuals and, in particular, their right to privacy with respect to the processing of personal data applicable to a data controller in the Member State in which the data exporter is established;
(f) 'technical and organisational security measures' means those measures aimed at protecting personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing.
Details of the transfer
The details of the transfer and in particular the special categories of personal data where applicable are specified in Appendix 1 which forms an integral part of the Clauses.
Third-party beneficiary clause
- The data subject can enforce against the data exporter this Clause, Clause 4(b) to (i), Clause 5(a) to (e), and (g) to (j), Clause 6(1) and (2), Clause 7, Clause 8(2), and Clauses 9 to 12 as third-party beneficiary.
- The data subject can enforce against the data importer this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where the data exporter has factually disappeared or has ceased to exist in law unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law, as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity.
- The data subject can enforce against the subprocessor this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity. Such third-party liability of the subprocessor shall be limited to its own processing operations under the Clauses.
- The parties do not object to a data subject being represented by an association or other body if the data subject so expressly wishes and if permitted by national law.
Obligations of the data exporter
The data exporter agrees and warrants:
(a) that the processing, including the transfer itself, of the personal data has been and will continue to be carried out in accordance with the relevant provisions of the applicable data protection law (and, where applicable, has been notified to the relevant authorities of the Member State where the data exporter is established) and does not violate the relevant provisions of that State;
(b) that it has instructed and throughout the duration of the personal data processing services will instruct the data importer to process the personal data transferred only on the data exporter's behalf and in accordance with the applicable data protection law and the Clauses;
(c) that the data importer will provide sufficient guarantees in respect of the technical and organisational security measures specified in Appendix 2 to this contract;
(d) that after assessment of the requirements of the applicable data protection law, the security measures are appropriate to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation;
(e) that it will ensure compliance with the security measures;
(f) that, if the transfer involves special categories of data, the data subject has been informed or will be informed before, or as soon as possible after, the transfer that its data could be transmitted to a third country not providing adequate protection within the meaning of Directive 95/46/EC;
(g) to forward any notification received from the data importer or any subprocessor pursuant to Clause 5(b) and Clause 8(3) to the data protection supervisory authority if the data exporter decides to continue the transfer or to lift the suspension;
(h) to make available to the data subjects upon request a copy of the Clauses, with the exception of Appendix 2, and a summary description of the security measures, as well as a copy of any contract for subprocessing services which has to be made in accordance with the Clauses, unless the Clauses or the contract contain commercial information, in which case it may remove such commercial information;
(i) that, in the event of subprocessing, the processing activity is carried out in accordance with Clause 11 by a subprocessor providing at least the same level of protection for the personal data and the rights of data subject as the data importer under the Clauses; and
(j) that it will ensure compliance with Clause 4(a) to (i).
Obligations of the data importer
The data importer agrees and warrants:
(a) to process the personal data only on behalf of the data exporter and in compliance with its instructions and the Clauses; if it cannot provide such compliance for whatever reasons, it agrees to inform promptly the data exporter of its inability to comply, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
(b) that it has no reason to believe that the legislation applicable to it prevents it from fulfilling the instructions received from the data exporter and its obligations under the contract and that in the event of a change in this legislation which is likely to have a substantial adverse effect on the warranties and obligations provided by the Clauses, it will promptly notify the change to the data exporter as soon as it is aware, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
(c) that it has implemented the technical and organisational security measures specified in Appendix 2 before processing the personal data transferred;
(d) that it will promptly notify the data exporter about:
(i) any legally binding request for disclosure of the personal data by a law enforcement authority unless otherwise prohibited, such as a prohibition under criminal law to preserve the confidentiality of a law enforcement investigation,
(ii) any accidental or unauthorised access, and
(iii) any request received directly from the data subjects without responding to that request, unless it has been otherwise authorised to do so;
(e) to deal promptly and properly with all inquiries from the data exporter relating to its processing of the personal data subject to the transfer and to abide by the advice of the supervisory authority with regard to the processing of the data transferred;
(f) at the request of the data exporter to submit its data processing facilities for audit of the processing activities covered by the Clauses which shall be carried out by the data exporter or an inspection body composed of independent members and in possession of the required professional qualifications bound by a duty of confidentiality, selected by the data exporter, where applicable, in T&Cs with the supervisory authority;
(g) to make available to the data subject upon request a copy of the Clauses, or any existing contract for subprocessing, unless the Clauses or contract contain commercial information, in which case it may remove such commercial information, with the exception of Appendix 2 which shall be replaced by a summary description of the security measures in those cases where the data subject is unable to obtain a copy from the data exporter;
(h) that, in the event of subprocessing, it has previously informed the data exporter and obtained its prior written consent;
(i) that the processing services by the subprocessor will be carried out in accordance with Clause 11;
(j) to send promptly a copy of any subprocessor T&Cs it concludes under the Clauses to the data exporter.
- The parties agree that any data subject, who has suffered damage as a result of any breach of the obligations referred to in Clause 3 or in Clause 11 by any party or subprocessor is entitled to receive compensation from the data exporter for the damage suffered.
- If a data subject is not able to bring a claim for compensation in accordance with paragraph 1 against the data exporter, arising out of a breach by the data importer or his subprocessor of any of their obligations referred to in Clause 3 or in Clause 11, because the data exporter has factually disappeared or ceased to exist in law or has become insolvent, the data importer agrees that the data subject may issue a claim against the data importer as if it were the data exporter, unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law, in which case the data subject can enforce its rights against such entity.
The data importer may not rely on a breach by a subprocessor of its obligations in order to avoid its own liabilities.
- If a data subject is not able to bring a claim against the data exporter or the data importer referred to in paragraphs 1 and 2, arising out of a breach by the subprocessor of any of their obligations referred to in Clause 3 or in Clause 11 because both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, the subprocessor agrees that the data subject may issue a claim against the data subprocessor with regard to its own processing operations under the Clauses as if it were the data exporter or the data importer, unless any successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law, in which case the data subject can enforce its rights against such entity. The liability of the subprocessor shall be limited to its own processing operations under the Clauses.
Mediation and jurisdiction
- The data importer agrees that if the data subject invokes against it third-party beneficiary rights and/or claims compensation for damages under the Clauses, the data importer will accept the decision of the data subject:
(a) to refer the dispute to mediation, by an independent person or, where applicable, by the supervisory authority;
(b) to refer the dispute to the courts in the Member State in which the data exporter is established.
- The parties agree that the choice made by the data subject will not prejudice its substantive or procedural rights to seek remedies in accordance with other provisions of national or international law.
Cooperation with supervisory authorities
- The data exporter agrees to deposit a copy of this contract with the supervisory authority if it so requests or if such deposit is required under the applicable data protection law.
- The parties agree that the supervisory authority has the right to conduct an audit of the data importer, and of any subprocessor, which has the same scope and is subject to the same conditions as would apply to an audit of the data exporter under the applicable data protection law.
- The data importer shall promptly inform the data exporter about the existence of legislation applicable to it or any subprocessor preventing the conduct of an audit of the data importer, or any subprocessor, pursuant to paragraph 2. In such a case the data exporter shall be entitled to take the measures foreseen in Clause 5 (b).
The Clauses shall be governed by the law of the Member State in which the data exporter is established.
Variation of the contract
The parties undertake not to vary or modify the Clauses. This does not preclude the parties from adding clauses on business related issues where required as long as they do not contradict the Clause.
- The data importer shall not subcontract any of its processing operations performed on behalf of the data exporter under the Clauses without the prior written consent of the data exporter. Where the data importer subcontracts its obligations under the Clauses, with the consent of the data exporter, it shall do so only by way of a written T&Cs with the subprocessor which imposes the same obligations on the subprocessor as are imposed on the data importer under the Clauses. Where the subprocessor fails to fulfil its data protection obligations under such written T&Cs the data importer shall remain fully liable to the data exporter for the performance of the subprocessor's obligations under such T&Cs.
- The prior written contract between the data importer and the subprocessor shall also provide for a third-party beneficiary clause as laid down in Clause 3 for cases where the data subject is not able to bring the claim for compensation referred to in paragraph 1 of Clause 6 against the data exporter or the data importer because they have factually disappeared or have ceased to exist in law or have become insolvent and no successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law. Such third-party liability of the subprocessor shall be limited to its own processing operations under the Clauses.
- The provisions relating to data protection aspects for subprocessing of the contract referred to in paragraph 1 shall be governed by the law of the Member State in which the data exporter is established.
- The data exporter shall keep a list of subprocessing T&Css concluded under the Clauses and notified by the data importer pursuant to Clause 5 (j), which shall be updated at least once a year. The list shall be available to the data exporter's data protection supervisory authority.
Obligation after the termination of personal data processing services
- The parties agree that on the termination of the provision of data processing services, the data importer and the subprocessor shall, at the choice of the data exporter, return all the personal data transferred and the copies thereof to the data exporter or shall destroy all the personal data and certify to the data exporter that it has done so, unless legislation imposed upon the data importer prevents it from returning or destroying all or part of the personal data transferred. In that case, the data importer warrants that it will guarantee the confidentiality of the personal data transferred and will not actively process the personal data transferred anymore.
2. The data importer and the subprocessor warrant that upon request of the data exporter and/or of the supervisory authority, it will submit its data processing facilities for an audit of the measures referred to in paragraph 1.