Privacy Policy

This Privacy Policy will explain how our organization uses the personal data we collect from you when you use our website.

What data do we collect?

Our company collects the following data:

  • IP address
  • Browser’s user agent
  • Name/Surname
  • Email address

How do we collect your data?

You directly provide Appetize.io with most of the data we collect. We collect data and process data when you:

Appetize.io may also receive your data, if it is necessary, for resolving specific problems that can affect the usability of our software platform, or your user experience.

Appetize.io uses Google Analytics, HubSpot and Posthog to collect standard Internet log information and details of visitor behavior patterns. We do this to find out such things as the number of visitors to the various parts of the website.

Appetize.io considers any one of the above listed actions to be a clear affirmative action which is freely given, specific, informed, and unambiguous, and which therefore signifies consent to process your data hereunder.

Appetize.io can also process personal data indirectly about end-users on behalf of our customers, subject to the privacy policies of our customers as controllers and our Data Processing Agreement as processor.

How will we use your data?

Appetize.io collects your data so that we can:

  • Provide our service and enable customers to manage their accounts.
  • View and analyze your data to troubleshoot and improve our service for internal purposes only.
  • Upload your data to third party services as part of providing our service. The type of third parties that we use for that are related to the server hosting, file storage and backup. The purpose for which is that we need these external services for our data management infrastructure, because we do not host our own IT infrastructure, but rather rely on these third party cloud providers. For these third parties we have a specific Data Processing Agreement with each one. Appetize.io is liable in cases of onward transfers to third parties as described herein.
  • Divulge your data to law enforcement if we receive a valid subpoena – We will notify you if this happens, unless legally prohibited from doing so.

Independent of the third parties that we use to manage your data, you can pursue the following rights over your personal data at any time: access, rectification, erasure, restrict processing, data portability, object, and be informed. For more information about these rights, please see below.

How do we store your data?

Appetize.io securely stores your data in information systems that are in cloud environments, but are managed by us, using policies and procedures based on the ISO 27001 standard. Without limiting the forgoing Appetize.io warrants it follows the following security policies and procedure:

  • All your data is SSL encrypted at rest and in transit, configured to follow industry best practices
  • Access control lists and firewall rules are designed to grant minimal necessary permissions
  • Emails from our system are DKIM signed
  • Regular monitoring for potential security vulnerabilities and immediate remediation of any material security vulnerabilities discovered

Appetize.io stores your personal data using specific security controls, that we manage periodically to avoid disclosures, or unauthorized access.

Appetize.io processes your personal data only to provide the services in accordance with this Privacy Policy. To prevent any use or disclosure of your personal data subject to this Privacy Policy, you may not register an account, use the Appetize.io software, submit a contact form to us, or send us an email which gets logged in our ticketing system. If you believe we are already storing your personal data, and you want to prevent further use or disclosure of your personal data, please exercise your Right to erasure as described below.

Marketing

Appetize.io will never sell your data to a third party, or send you unsolicited marketing emails.

What are your data protection rights?

Appetize.io would like to make sure you are fully aware of all of your data protection rights. These data protection rights are the following:

  • Right to access: You have the right to request Appetize.io for copies of your personal data.
  • Right to rectification: You have the right to request that Appetize.io correct any information you believe is inaccurate. You also have the right to request Appetize.io to complete the information you believe is incomplete.
  • Right to erasure: You have the right to request that Appetize.io erase your personal data, under certain conditions.
  • Right to restrict processing: You have the right to request that Appetize.io restrict the processing of your personal data, under certain conditions.
  • Right to object to processing: You have the right to object to Appetize.io’s processing of your personal data, under certain conditions.
  • Right to data portability: You have the right to request that Appetize.io transfer the data that we have collected to another organization, or directly to you, under certain conditions. If you make a request, we have 1 month to respond to you, and if you want to exercise any of these rights, you can write us at our email: privacy@appetize.io

Cookies

Cookies are text files placed on your computer to collect standard Internet log information and visitor behavior information. So, when you visit our website, we may collect information from you automatically through cookies or similar technology. For more information about cookies, you can visit this website: www.allaboutcookies.org

How do we use cookies?

Appetize.io uses cookies in a range of ways to improve your experience on our website, including understanding how you use our website.

What types of cookies do we use?

There are a number of different types of cookies our website uses:

Functionality: Appetize.io uses these cookies so that we recognize you on our website and remember your previously selected preferences. These could include what language you prefer, and location you are in. Behavior: Appetize.io uses these cookies to collect information about your visit to our website, the content you viewed, information about your browser, device, and IP address. How to manage cookies You can set your browser not to accept cookies, and this website www.allaboutcookies.org tells you how to remove cookies from your browser. However, in a few cases, some of our website features may not function as a result.

Privacy policies of other websites

The Appetize.io website can contain links to other websites, but our Privacy Policy applies only to our website. If you click on a link to another website, that website’s own Privacy Policy will govern the privacy of your data.

Sensitive data

Appetize.io may receive indirectly from our customers racial and/or sexual data from end-users, but storing or recording sensitive data of this type in our systems is not allowed, and we will delete immediately any kind of sensitive data that we see in our systems.

What sensitive data is prohibited?

Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.

Changes to our privacy policy

Appetize.io keeps its Privacy Policy under regular review and places any updates on this web page. This Privacy Policy was last updated on the date listed below.

To register for updates to this policy, please fill out the form at privacy registration.

How to contact us

If you have any questions about our Privacy Policy, the data we hold on you, or you would like to exercise one of your data protection rights, please do not hesitate to contact us at: privacy@appetize.io

Recourse mechanism

Appetize.io commits to resolve complaints about our collection or use of personal data. Individuals or companies with inquiries or complaints regarding our policy should contact us at: privacy@appetize.io

Appetize.io is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC), as well as the EU Data Protection Authority (DPA) in the member state of the data subject.

Last updated June 11, 2023

Cloud Terms of Service

Appetize.io LLC (“Appetize.io”), a duly registered company in the United States, develops and makes available via hosted services the Appetize.io Software (the “Software”). This Agreement sets the terms and conditions of your use of the Software. By creating an account to use the Software, you agree to this Agreement. If you represent an organization, you represent and warrant that you are authorized to agree to this Agreement on behalf of your organization. If you do not agree to this Agreement, you may not use the Software.

DEFINITIONS Software means all cloud services and documentation created or managed by Appetize.io and made available to you under this Agreement.

1. Grant of Rights

For the term of this Agreement and subject to your payment of applicable fees as defined below, Appetize.io grants you a worldwide, non-exclusive, non-transferable right to use the Software.

2. Restrictions

Appetize.io respects the intellectual property rights of others and expects users to do the same. You may not use Appetize.io’s Software for any illegal use, and you may not use Appetize.io’s Software in any way which violates the intellectual property rights of others.

3. Fees and Payment

Appetize.io offers several plan types, which may include a Trial plan which is free to use and does not expire. You shall pay to Appetize.io the fees according to Appetize.io’s publicly listed pricing terms on its website, or as mutually agreed between the parties in writing. You agree that applicable fees include the plan base charge plus any minutes overage charges you incur based on your usage volume.

You agree to provide valid and updated payment information to Appetize.io. If Appetize.io cannot charge you for applicable fees 3 days after payment is due, Appetize.io may suspend your use of the Software. Fees are non-refundable, and payable monthly via credit card, or as mutually agreed between the parties in writing. Appetize.io may modify the fees it charges for the Software at any time, but will give existing customers at least 90 days written notice before any changes in fees take effect.

If you are required to pay any withholding tax, charge or levy in respect of any payments due to Appetize.io hereunder, payments will be made without right of set-off or chargeback. You agree that any applicable VAT or GST will be paid on a reverse charge basis.

4. Confidential Information & Intellectual Property

Confidential Information means: (i) any information that is clearly and conspicuously marked as “confidential” or has a similar designation at time of disclosure; (ii) any materials and/or information that are disclosed under circumstances that one would reasonably expect it to be confidential or proprietary; and, (iii) information that is identified by the disclosing party as confidential and/or proprietary before, during, or promptly after presentation or communication. Confidential Information shall include each party’s business and technical information. Confidential Information of the other party will be used solely as necessary to fulfill obligations under this Agreement and for no other purpose whatsoever.

The receiving party agrees that nothing in this Agreement grants to the receiving party any license, right, title, or interest in or to the Confidential Information, except as expressly set forth herein. The parties agree to protect the other’s Confidential Information using the same degree of care they use to protect their own confidential information of a like nature, but never less than ordinary care.

Confidential information does not include information that: (i) was known to a receiving party without restriction before receipt from the disclosing party; (ii) is publicly available through no fault of the receiving party; (iii) is rightfully received by the receiving party from a third party without a duty of confidentiality; or, (iv) is independently developed by the receiving party without reference to any Confidential Information. A receiving party may disclose Confidential Information as necessary to comply with a valid judicial or other governmental order, provided that the receiving party shall: (i) give the disclosing party reasonable written notice (to the extent permitted under applicable laws) and opportunity to object prior to such disclosure; (ii) seek confidential treatment of such Confidential Information; and, (iii) comply with any applicable protective order or its equivalent.

In the event of actual or threatened breach of the foregoing Confidential Information provisions, the disclosing party will have no adequate remedy at law and therefore will be entitled to immediate injunctive and other equitable relief, without bond and without the necessity of showing actual monetary damages.

5. Duration and Termination

The term of this Agreement begins when you create an account and will remain in effect until terminated in accordance with this Agreement. You may terminate this Agreement by terminating your entire use of the Software, and we may terminate this Agreement for any reason by providing you 30 days advance notice if you are subscribing to a paid plan, or immediately without notice if you are on our Trial plan.

We may also terminate your account and this Agreement immediately if: (i) you are late in payment or otherwise in breach of this Agreement; (ii) we reasonably determine your use of the Software poses a risk to the Software or to others or may be unlawful; (iii) you become insolvent or make any voluntary arrangement with creditors, become subject to an administrative order, have a receiver or administrator appointed over any of your property, or go into liquidation or bankruptcy.

Upon termination of this Agreement all your rights under this Agreement immediately terminate, and you will remain responsible for all fees and charges you have incurred up to and including the date of termination.

6. Maintenance, Updates, and Support

Appetize.io will provide maintenance and updates, including security updates, to the Software during the term. If you are on a paid plan, Appetize.io will provide support to you via email during the term. The email address for support is hello@appetize.io.

7. Warranty

Appetize.io represents and warrants that it has the legal power and authority to enter into this Agreement.

Appetize.io does not warrant that the functions contained in the Software will meet your requirements or that the operation of the Software will be correct, uninterrupted or error-free.

8. Indemnification

You will defend, indemnify, and hold harmless Appetize.io and our respective employees, officers, directors, and representatives from and against any claim, damages, losses, liabilities, costs, and expenses (including reasonable legal fees) arising out of or relating to any third party claim relating to: (i) your use of the Software; (ii) your breach of this Agreement or violation of applicable law; (iii) your data, including any claim involving alleged infringement or misappropriation of intellectual property rights. We will promptly notify you of any claim, but our failure to promptly notify you will only affect your obligations to the extent that our failure materially harms your ability to defend the claim.

9. Limitation of Remedies and Damages

In no event will either party be liable for any indirect, incidental, special or consequential damages, or for any lost profits, lost savings, loss of use, lost revenues or lost data arising from or relating to the Software or this Agreement, even if the parties have been advised of the possibility of such damages. Appetize.io will not be responsible for any compensation, reimbursement, or direct damages arising in connection with: (i) your use of the Software; (ii) your inability to use the Software; (iii) the cost of replacing the Software; or (iv) any investments, expenditures, or commitments by you in connection with this Agreement. Appetize.io’s aggregate liability under this Agreement will be limited to the actual fees paid by you under this Agreement during the 12 months preceding the claim.

10. Dispute Resolution

If any dispute, controversy, claim or conflict arises out of or in connection with this Agreement, the parties shall use reasonable endeavors to settle the dispute as soon as practicable. If the parties are unable to resolve the dispute within 10 business days after the dispute commences, each party shall refer the dispute to a senior manager having the appropriate authority to resolve the dispute, and use all reasonable endeavors to settle the dispute as soon as practicable.

11. Force Majeure

If Appetize.io’s performance of its obligations under this Agreement are affected by events beyond its reasonable control (events of “Force Majeure”), then Appetize.io will immediately notify you. Appetize.io will not be in breach of this Agreement by reason of the failure or delay in performance of any obligations to the extent that such failure or delay is caused by Force Majeure, and the time for performance will be extended accordingly.

12. Public Announcements

You grant Appetize.io the right to include your name and your affiliated logo mark and other indicia in its customer list and marketing material. You may deny this right at any time by submitting a written request via email to hello@appetize.io.

13. General

Appetize.io warrants that it has the legal power and authority to enter into this Agreement. This Agreement is binding on you as well as your employees, contractors and agents. Neither party may assign any of its rights or obligations hereunder, whether by operation of law or otherwise, without the prior written consent of the other (not to be unreasonably withheld). Appetize.io may amend this Agreement at any time by posting a revised version on its website or by otherwise notifying you by email. By continuing to use the Software after the effective date of any amendment to this Agreement, you agree to be bound by the amended terms of this Agreement.

This Agreement is governed by the laws of the State of Delaware. This Agreement incorporates any Data Processing Agreement or Business Associate Agreement, and is the entire agreement between you and Appetize.io. If any provision of this Agreement is deemed invalid or unenforceable by any country or government agency having jurisdiction, that particular provision will be deemed modified to the extent necessary to make the provision valid and enforceable, and the remaining provisions will remain in full force and effect.

Cloud service level agreement

Appetize.io will provide a Monthly Uptime Percentage to Customer of at least 99.9% (the “SLA”).

If Appetize.io does not meet the SLA, and if Customer meets its obligations under the SLA, Customer will be eligible to receive the Financial Credits described below.

This SLA states Customer’s sole and exclusive remedy for any failure by Appetize.io to meet the SLA.

“Customer” means a current paying client of Appetize.io.

“Downtime” means either of the following occur:

Appetize.io’s website, including any app-specific URL, is inaccessible or returns HTTP status codes starting with 5 (e.g 500, 503) Appetize.io’s streaming servers fail to start sending frames to users with greater than 5% frequency after receiving connection from user “Downtime Period” means a period of at least five consecutive minutes of Downtime.

“Monthly Uptime Percentage” means the total number of minutes in a month, minus the total number of minutes of Downtime suffered from all Downtime Periods in a month, divided by the total number of minutes in a month.

 

“Financial Credit” means:

Monthly Uptime Percentage
99% - 99.9%
95% - 99%
< 95%
Percentage of month’s bill as credit
10%
25%
50%
Monthly Uptime Percentage Percentage of month’s bill as credit
99% - 99.9% 10%
95% - 99% 25%
< 95% 50%

Customer must request Financial Credit within 30 days of eligibility. Failure to comply with this requirement will forfeit Customer’s right to receive a Financial Credit.

Financial Credits will be applied to future use of Appetize.io.

Last updated November 18, 2020

 

Looking for a negotiated service level agreement? Please contact hello@appetize.io.

Data Processing Agreement

This Data Processing Agreement (“DPA”) is incorporated into and forms a part of the Cloud Terms of Service (“Appetize.io Agreement”) between you and Appetize.io LLC (“Appetize.io”) with respect to your use of the Software. This DPA sets out the data protection requirements with respect to the processing of Customer Personal Data (as defined below) that is collected, stored, or otherwise processed by Appetize.io for the purpose of providing the Software. This DPA is effective on the effective date of the Appetize.io Agreement, unless this DPA is separately executed in which case it is effective on the date of the last signature.

1. Definitions

The following terms have the following meanings when used in this DPA. Any capitalized terms that are not defined in this DPA have the meaning provided in your Appetize.io Agreement.

Customer,” “you” and “your” means the organization that agrees to an Order Form, or uses the Software subject to the relevant Appetize.io Agreement.

Customer Personal Data” means any personal data that is processed through the Software on behalf of Customer.

Data Protection Law” means, to the extent applicable, (i) Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the Processing of Personal Data and on the free movement of such data (General Data Protection Regulation) (“EU GDPR”); (ii) the Data Protection Act 2018 and EU GDPR as incorporated into United Kingdom law by Section 3 of the United Kingdom’s European Union (Withdrawal) Act 2018 (“UK GDPR”); (iii) the Swiss Federal Act on Data Protection (“FADP”); (iv) the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (Cal. Civ. Code §§ 1798.100 to 1798.199.100), together with the CCPA Regulations (Cal. Code Regs. tit. 11, §§ 7000 to 7102) which may be amended from time to time (“CCPA”); and (v) any other data protection legislation applicable to the respective party in its role in the processing of Customer Personal Data under the Appetize.io Agreement.

Data Subject Request” has the meaning given to it in Section 5.1.

EEA” means the European Economic Area.

Subprocessor” means any third-party data processor engaged by Appetize.io to process Customer Personal Data.

Technical and Organizational Security Measures” has the meaning given to it in Section 3.2.

The terms “controller,” “data subject,” “personal data,” “personal data breach,” “processor,” “processing,” and “supervisory authority,” have the meanings set forth in the EU GDPR.

2. Data Processing

2.1. Scope and Roles. This DPA applies when Appetize.io processes Customer Personal Data in the course of providing the Software. In this context, Appetize.io is a “processor” to Customer, who may act as either a “controller” or “processor” with respect to Customer Personal Data.

2.2. Details of the Processing.

2.2.1. Subject Matter. The subject matter of the data processing under this DPA is Customer Personal Data.

2.2.2. Duration. The duration of the data processing under this DPA is until the expiration or termination of the Appetize.io Agreement in accordance with its terms.

2.2.3. Nature and Purpose. The purpose of the data processing under this DPA is the provision of the Software to Customer in accordance with the Appetize.io Agreement.

2.2.4. Types of Customer Personal Data. The types of Customer Personal Data processed under this DPA include any Customer Personal Data processed through the Software on behalf of Customer.

2.2.5. Categories of Data Subjects. The data subjects may include Customer’s customers, employees, suppliers, and end users, or any other individual whose personal data processed through the Software on behalf of Customer.

2.3. Compliance with Laws. Each party will comply with all applicable Data Protection Law in relation to the processing of Customer Personal Data.

2.4. Appetize.io’s Processing. Appetize.io will process Customer Personal Data only for the purposes of: (i) provisioning the Software, (ii) processing initiated by Customer in its use of the Software, and (iii) processing in accordance with your Appetize.io Agreement, this DPA, and your other reasonable documented instructions that are consistent with the terms of your Appetize.io Agreement. Any other processing will require prior written agreement between the parties.

2.5. Customer Obligations. Customer acknowledges that it controls the nature and contents of the Customer Personal Data. Customer will ensure that it has obtained all necessary and appropriate consents from and provided notices to data subjects where required by Data Protection Law to enable the lawful transfer of any Customer Personal Data to Appetize.io for the duration and purposes of this DPA and the Appetize.io Agreement.

3. Security.

3.1. Confidentiality of Personnel. Appetize.io will ensure that any of our personnel and any subcontractors who have access to Customer Personal Data are under an appropriate obligation of confidentiality.

3.2. Security Measures. We will implement appropriate technical and organizational security measures to ensure a level of security appropriate to the risks that are presented by the processing of Customer Personal Data. The current technical and organizational security measures are described at https://appetize.io/security (“Technical and Organizational Security Measures”).

3.3. Breach Notification. We will notify you without undue delay if we become aware of a personal data breach affecting Customer Personal Data.

4. Subprocessors.

4.1. Authorized Subprocessors. You acknowledge and agree that we may retain third parties to process Customer Personal Data on your behalf as Subprocessors in connection with the provision of the Software. We maintain a current list of our Subprocessors at: https://appetize.io/subprocessors which we will update at least 10 days before the addition or replacement of any Subprocessor.

4.2. Objections to Subprocessors. In the event you have a reasonable objection to any new Subprocessor, either (A) we will instruct such Subprocessor not to process Customer Personal Data on your behalf and, if possible, continue to provide the Software in accordance with the terms of the Appetize.io Agreement and any applicable Order Form, or (B) if we cannot provide the Software without the use of such Subprocessor, you may, as your sole and exclusive remedy, terminate this Agreement and any applicable Order Form and receive a pro-rata refund of any prepaid fees.

4.3 Subprocessor Obligations. Appetize.io will impose on each Subprocessor the same data protection obligations as are imposed on us under this DPA. We will be liable to you for the performance of the Subprocessors’ obligations to the extent required by Data Protection Law.

5. Data Subject Requests.

5.1. To assist with your obligations to respond to requests from data subjects, please contact your Appetize.io account manager, or if you do not have one privacy@appetize.io, with the written request to retrieve, correct, or delete Customer Personal Data. Customer may use this mechanism to assist it in connection with its obligations under Data Protection Law, including its obligations related to any request from a data subject to exercise their rights under Data Protection Law (each, a “Data Subject Request”).

5.2. If a data subject contacts Appetize.io with a Data Subject Request that identifies Customer, to the extent legally permitted, we will promptly notify Customer. Solely to the extent that Customer is unable to access Customer Personal Data itself, and Appetize.io is legally permitted to do so, we will provide commercially reasonable assistance to Customer in responding to the Data Subject Request.

6. Requests for Customer Personal Data.

6.1. If we receive a valid and binding legal order (“Request”) from any governmental body (“Requesting Party”) for disclosure of Customer Personal Data, we will use commercially reasonable efforts to redirect the Requesting Party to seek that Customer Personal Data directly from Customer.

6.2. If, despite our efforts, we are compelled to disclose Customer Personal Data to a Requesting Party, we will: (a) if legally permitted, promptly notify Customer of the Request to allow Customer to seek a protective order or other appropriate remedy. If we are prohibited from notifying Customer, we will use commercially reasonable efforts to obtain a waiver of that prohibition; (b) challenge any over-broad or inappropriate Request (including Requests that conflict with Data Protection Law); and (c) disclose only the minimum amount of Customer Personal Data necessary to satisfy the Request.

7. Cooperation.

At your request and cost, Appetize.io will provide reasonable assistance to ensure compliance with the obligations under applicable Data Protection Law with respect to implementing appropriate security measures, personal data breach notifications, impact assessments and consultations with supervisory authorities or regulators, in each case solely related to processing of Customer Personal Data by Appetize.io.

8. Customer Audit Rights.

8.1. Upon Customer’s request, and subject to the confidentiality obligations set forth in your Appetize.io Agreement, Appetize.io will make available to Customer (or Customer’s third-party auditor) information regarding Appetize.io’s compliance with the security obligations set forth in this DPA in the form of third-party certifications and audits.

8.2. If that information is not sufficient to demonstrate our compliance with the security obligations in the DPA, you may contact Appetize.io to request an audit of Appetize.io’s procedures relevant to the protection of Customer Personal Data, but only to the extent required under applicable Data Protection Law. Customer will reimburse Appetize.io for its reasonable costs associated with any such audit. Before the commencement of any such audit, Customer and Appetize.io will mutually agree upon the scope, timing, and duration of the audit.

8.3. Customer will promptly notify Appetize.io with information regarding any non-compliance discovered during the course of an audit, and Appetize.io will use commercially reasonable efforts to address any confirmed non-compliance.

9. Data Transfers.

9.1. Data Processing Locations. Customer Personal Data will be hosted globally, unless it is previously agreed in writing between Customer and Appetize.io that the hosting will be restricted to the United States, European Economic Area, or other region(s) as mutually agreed. Customer acknowledges and agrees that Appetize.io provides support operations globally, and that such support operations may require the temporary access of Customer Personal Data from outside of the hosted region(s) solely for the purpose of providing support. When Customer Personal Data is transferred between countries and regions, such transfers by Customer will be governed by the transfer mechanisms described in Section 9.2 below.

9.2. Transfer Mechanism. Where the transfer of Customer Personal Data is from the EEA, Switzerland or the United Kingdom to a territory which has not been recognized by the relevant data protection authorities as providing an adequate level of protection for personal data according to Data Protection Law, Appetize.io agrees to process that Customer Personal Data in compliance with the provisions set out in Schedule 1 below, which forms an integral part of this DPA.

10. Return or Deletion of Data.

Customer may retrieve or request the deletion of Customer Personal Data in writing at any time. Upon your request, Appetize.io will delete any Customer Personal Data as requested by Customer, unless we are legally required to store the Customer Personal Data, and subject to Appetize.io’s documented backup policies.

11. CCPA Obligations.

For purposes of this Section 11, Customer Personal Data shall include “personal information” (as that term is defined under CCPA) that is processed through the Software on behalf of Customer. Appetize.io is a “service provider” as defined in CCPA.

11.1. Appetize.io will not:

11.1.1. retain, use, or disclose Customer Personal Data for any purpose other than providing the Software;

11.1.2. retain, use, or disclose Customer Personal Data outside of the direct business relationship between Appetize.io and Customer;

11.1.3. sell or share Customer Personal Data (as the terms “sell” and “share” are defined in CCPA); or

11.1.4. combine Customer Personal Data with personal information that Appetize.io has received from another Appetize.io customer, except as permitted under CCPA.

11.2. We will notify you if we determine that we can no longer comply with our obligations as a service provider under CCPA.

11.3. You have the right, upon notice, to take reasonable and appropriate steps to stop and remediate unauthorized use of personal information that is protected under CCPA.

SCHEDULE 1

CROSS BORDER DATA TRANSFERS

1. Definitions.

Standard Contractual Clauses” means the applicable module(s) of the Standard Contractual Clauses approved by the European Commission in decision 2021/914, or any subsequent versions of the Standard Contractual Clauses which may be adopted by the European Commission from time to time. Upon the effective date of adoption for any revised Standard Contractual Clauses by the European Commission, all references in this DPA to the “Standard Contractual Clauses” shall refer to that latest version.

Alternative Transfer Mechanism” means a mechanism, other than the Standard Contractual Clauses, that enables the lawful cross-border transfer of Customer Personal Data to a territory which has not been recognized by the relevant data protection authorities as providing an adequate level of protection for Customer Personal Data in accordance with Data Protection Law, including but not limited to any replacement international instruments for the invalidated EU-U.S. and Switzerland-U.S. Privacy Shield Frameworks or Binding Corporate Rules under Article 47 of EU GDPR.

2. Order of Precedence for Transfer Mechanisms.

For transfers of Customer Personal Data that are subject to Section 9.2 of the DPA, the transfer mechanisms below shall apply in the following order of precedence in accordance with Data Protection Law: (A) Appetize.io’s certification to or adoption of an Alternative Transfer Mechanism; and (B) the Standard Contractual Clauses in accordance with Section 3 below.

3. Incorporation of the Standard Contractual Clauses.

3.1. When the Standard Contractual Clauses are the applicable transfer mechanism in accordance with Section 2 above, the parties agree that:

3.1.1 Clause 7 will not apply.

3.1.2 in Clause 9(a), Option 2 will apply, and the time period for prior notice of Subprocessor changes will be as set forth in Section 4.1 of the DPA.

3.1.3 in Clause 11(a), the optional language will not apply.

3.1.4 in Clause 17, Option 1 will apply, and the Standard Contractual Clauses will be governed by the law of the Republic of Ireland.

3.1.5 in Clause 18(b), disputes will be resolved before the courts of the Republic of Ireland.

3.2. For purposes of Annex I, Part A of the Standard Contractual Clauses (List of Parties):

3.2.1 Data Exporter: Customer. Contact Details: Customer’s account owner email address, or to the email address(es) for which Customer elects to receive legal communications. Data Exporter Role: Data Exporter’s role is outlined in Section 2 of the DPA. Signature & Date: By entering into the Appetize.io Agreement, Data Exporter is deemed to have signed the Standard Contractual Clauses, including their Annexes and configured according to Section 3 of this Schedule I to the DPA, as of the effective date of the Appetize.io Agreement.

3.2.2 Data Importer: Appetize.io LLC. Contact Details: privacy@appetize.io Data Importer Role: Data Importer’s role is outlined in Section 2 of the DPA. Signature & Date: By entering into the Appetize.io Agreement, Data Importer is deemed to have signed the Standard Contractual Clauses, including their Annexes and configured according to Section 3 of this Schedule 1 to the DPA, as of the effective date of the Appetize.io Agreement.

3.3. For purposes of Annex I, Part B of the Standard Contractual Clauses (Description of Transfer):

3.3.1 The categories of data subjects are described in Section 2.2.5 of the DPA.

3.3.2 The forms of Customer Personal Data transferred are described in Section 2.2.4 of the DPA.

3.3.3 The frequency of the transfer is on a continuous basis for the duration of the Appetize.io Agreement.

3.3.4 The nature and purpose of the processing is described in Section 2.2.3 of the DPA.

3.3.5 The period of retention of Customer Personal Data in relation to the processing will end upon customer’s written request.

3.3.6 For transfers to Subprocessors, the subject matter and nature of the processing is described at: https://appetize.io/subprocessors. The duration of processing by Subprocessors is the same as by Data Importer.

3.4. For purposes of Annex I, Part C of the Standard Contractual Clauses (Competent Supervisory Authority), the competent supervisory authority/ies shall be determined in accordance with EU GDPR and Clause 13 of the Standard Contractual Clauses.

3.5. Sections 3 and 4.3 of the DPA contain the information required under Annex II of the Standard Contractual Clauses (Technical and Organizational Measures).

3.6. In addition to the above stipulations, each of the following forms part of the Standard Contractual Clauses and sets out the parties’ understanding of their respective obligations under the Standard Contractual Clauses:

3.6.1 Clause 8.9 of the Standard Contractual Clauses: Audit. Data Exporter acknowledges and agrees that it exercises its audit right under Clause 8.9 by instructing Data Importer to comply with the audit obligations described in Section 8 (Customer Audit Rights) of the DPA.

3.6.2 Clause 9(c) of the Standard Contractual Clauses: Disclosure of Subprocessor agreements. The parties acknowledge that Data Importer may be restricted from disclosing onward subprocessor agreements to Data Exporter due to subprocessor confidentiality restrictions. Even where Data Importer cannot disclose a subprocessor agreement to Data Exporter, the parties agree that, upon the request of Data Exporter, Data Importer shall provide all information it reasonably can in connection with such subprocessing agreement to Data Exporter.

3.6.3 Clause 12 of the Standard Contractual Clauses: Liability. To the greatest extent permitted under Data Protection Law, any claims brought under the Standard Contractual Clauses will be subject to any aggregate limitations on liability set out in the Appetize.io Agreement.

4. Transfers of Customer Personal Data Protected by FADP.

4.1. With respect to transfers of Customer Personal Data protected by FADP, the Standard Contractual Clauses will apply in accordance with Sections 2 and 3 above, with the following modifications:

4.1.1 any references in the Standard Contractual Clauses to “Directive 95/46/EC” or “Regulation (EU) 2016/679” shall be interpreted as references to FADP;

4.1.2 references to “EU”, “Union”, “Member State” and “Member State law” shall be interpreted as references to Switzerland and Swiss law, as the case may be; and

4.1.3 references to the “competent supervisory authority” and “competent courts” shall be interpreted as references to the Swiss Federal Data Protection and Information Commissioner and competent courts in Switzerland.

5. Transfers of Customer Personal Data Protected by UK GDPR.

5.1. With respect to transfers of Customer Personal Data protected by UK GDPR, the International Data Transfer Addendum to the EU Commission Standard Contractual Clauses issued under S119A(1) Data Protection Act 2018 (“UK Addendum”), shall apply and be incorporated by reference into this DPA, with Part 1: Tables completed in accordance with the applicable stipulations in Section 3 of this Schedule 1. Either data exporter or data importer may terminate the UK Addendum pursuant to Section 19 of the UK Addendum if, after a good faith effort by the parties to amend the DPA to account for the approved changes and any reasonable clarifications to the UK Addendum, the parties are unable to come to agreement. To the extent of any conflict between Section 3 of this Schedule 1 and any mandatory clauses of the UK Addendum, the UK Addendum shall govern to the extent UK GDPR applies to the transfer.

Acknowledgements

iPhone 14 Pro image provided by Rafael Fernandez, CC BY-SA 4.0, via Wikimedia Commons.

Pixel 6 image provided by Mliu92, CC BY-SA 4.0, via Wikimedia Commons.

Looking for negotiated terms? Please Contact Us.