Terms and Conditions
This document defines the terms and conditions in the relationship (“Contract”) between the entity that contracts the services of Oct8ne (“Client”) and Manujola, S.L , domiciled at Av. Coll del Portell, 41 Local 1 – 08024 Barcelona (“OCT8NE”), which regulates the license to access and use of the “Sales Suite” Services of OCT8NE provided as Software as a Service mode by OCT8NE. These Terms and Conditions will apply to all subscriptions of the Services (as defined below) as set forth in the Subscription Details. Unless otherwise agreed in writing, these Terms and Conditions shall prevail over any contrary or additional provision indicated in an order or request, unless such circumstance is expressly mentioned and agreed upon by both Parties.
The Subscription Details (configuration, services, and price) are established in the Client’s registration form at oct8ne.com.
Unless otherwise indicated or clearly deduced from the context, words that start with capital letters have the specific meaning indicated below:
Agents: Customer’s commercial agents in their support centre for End Customers, who use the Service to interact with them.
End Customer: designates a customer or user (e.g. a consumer) of the Customer´s e-commerce site/s, with which the Customer´s Agents can communicate and interact through the Service.
Access Codes: refers to the codes (digital certificate, login name and password or other forms of identification) necessary for agents to access and use the Services.
Price: means the amounts to be paid by the Customer for the use of Services in accordance with this Contract.
Customer Data: designates any data, information or material that the Customer (including its Agents) and/or its End Customers transmits or uploads to the Service when using it, or is collected by the OCT8NE Technology through the use of the Service, including on a illustrative, catalogue, prices, sales and final customer data.
Details of the Subscription: means the conditions and particular data established in the sheet with the same name attached, or in a service offer accepted by the Customer and OCT8NE.
Technical Documentation: the technical manuals (including the Agent’s Guide) published by OCT8NE related to the Services, delivered to the Customer.
Subscription Period: period of time during which the Customer can access the Services as indicated in the Subscription Details.
OCT8NE Technology: means all the technology owned by OCT8NE (which includes -among others- the software, hardware, products, processes, algorithms, user interfaces, knowledge and processes, know-how, techniques, designs and other information or tangible technical materials or intangibles) whose functionalities are made available to the Customer when providing the Service.
Service(s): means the services provided by OCT8NE to allow Agents to interact with End Customers and accessed via simple (HTML code) or complete (through API) integration designed by OCT8NE, as described in the Technical Documentation. The Services include the maintenance and updates of said Services eventually implemented by OCT8NE.
1.- Subscription and Agents
1.1. Subject to compliance with the terms of this Contract, the Customer is granted a non-transferable and non-exclusive right to access and use the Services for Agents hired, solely for their own use and for providing value-added services for their End Customers in the use of their own e-commerce website indicated in the Subscription Details.
1.2. The Customer undertakes to (i) not license, sublicense, sell, resell, transfer, assign, disseminate or make available to third parties, or commercially exploit with third parties (except with Final Customers) the Service, in whole or in part; and (ii) not create a product, software or service with functionality identical to the Services and that may compete with them.
1.3. Additionally, the Customer agrees that, through or through the Service, neither he nor his End Customers and authorized internal users (i) will send or store material that contains any form of “malware”; (ii) interfere with or affect the integrity and functioning of the Service and the data it contains; or (iii) will attempt to obtain unauthorized access to the Service and related systems and networks.
1.4. For security reasons, OCT8NE monitors the use of the Service through the Customer Access Codes and will inform you of any suspicious use contrary to these Conditions or current regulations that may be detected in your account. OCT8NE reserves the right, upon notice to the Customer to put in place new mechanisms to verify and prevent unauthorized access or illegal activities.
2.- Obligations and responsibilities of the Customer
2.1. By signing this Contract, OCT8NE will provide the Customer (a) with the HTML code to perform the integration with the Service and (2) the Access Codes necessary to use the Services. The Customer will only be able to access and use the Services (and access to the data stored in the Service) by said codes.
2.2. The Customer is responsible for all and any activity carried out by its Agents and in their account (s) with their Access Codes. The Customer must comply with all laws and regulations, whether local, national or international, applicable to the use of the Service, including but not limited to those related to international communications and the transmission of technical or personal data and the rest of the regulations on personal data.
2.3. The Customer must: (i) maintain the confidentiality of its Access Codes; (ii) notify OCT8NE immediately of any unauthorized use of its passwords or accounts, or of any other known or suspected security breach; (iii) inform OCT8NE immediately and do everything possible to immediately stop any unauthorized use of the Services that the Customer or its authorized internal End Customers know or suspect; and (iv) not pretend to be another user of the Service or offer false information or identity to obtain access to or use of the Service.
3.1. The subscription price of the Services is established and invoiced in accordance with the terms established in the Subscription Details.
3.2. The Customer agrees to pay the Price on time, according to the Subscription Details in force at any time. The delay in payment will accrue legal interest for delay, from the date on which said payment was due until the effective payment date.
3.3. The right to use the Service may be suspended or cancelled if the payment is delayed or cannot be made for any reason in more than 10 days. In case of termination of the Contract, the Customer must pay all outstanding balances with respect to his account, calculated in accordance with the previous section, as well as the accrued interest.
3.4. Price updates. The Price of the Services may change annually with the renewal of the Contract with thirty (30) days written notice. The new Price will be applied to the next renewal period. If the Customer does not reject such change in writing requesting the termination of the Services, or if he continues to use the Services after the renewal date, the Customer will be deemed to have accepted the new Price.
4.- Data of the Customer
4.1. The Customer is responsible for the Customer Data loaded, transmitted or collected in the use of the Service, including with respect to its accuracy, quality, integrity and legality. Without prejudice to what is stated in clause 5 (Confidentiality and Privacy), neither OCT8NE nor its own suppliers will be responsible in case of the elimination, correction, destruction, damage, loss or error in the storage and processing of the Customer’s Data made or caused by the Customer through his use of the Services.
4.2. Upon the termination of this Contract (except for breach by the Customer as indicated in clause 6.4), at the request of the Client during a period of thirty (30) days following the termination, a file with all the Customer’s Data in that stored in the Service will be made available to the Customer.
4.3. For the purposes of maintenance, statistical analysis and for the improvement of the Service, OCT8NE can store, process and analyse the Customer’s Data anonymously. Customer Data, anonymous or not, may not be transferred or made available to third parties in any way.
5.- Confidentiality and Personal Data
5.1. Both Parties agree that during the term of this Contract, confidential information or information subject to intellectual and/or industrial property rights may be disclosed by one party (the “Disclosing Party”) to the other party (the “Receiving Party”). ) (together, the “Confidential Information”). The Confidential Information also includes any data received by the Customer and during the period in which you use the Services. The Confidential Information will not include information that the Receiving Party can demonstrate that (i) is, at the time of its disclosure, or subsequently converted, into the public domain through a source other than the Receiving Party; (ii) was known to the Receiving Party at the time of its disclosure; (iii) is developed independently by the Receiving Party; or (iv) has been subsequently facilitated by a third party that is not under a duty of confidentiality towards the Disclosing Party.
5.2. The Receiving Party will not use any Confidential Information of the Disclosing Party for any purpose not contained in this Contract, and will disclose the Confidential Information of the Disclosing Party only to employees or contractors of the Receiving Party who need to know it for the purposes of this Contract and that are subject to an obligation of confidentiality no less restrictive than the duty of confidentiality of the Receiving Party under this Contract. The Receiving Party shall protect the Disclosing Party’s Confidential Information from unauthorized use, access and disclosure in the same way that the Receiving Party protects its own confidential information or is subject to intellectual and/or industrial property rights of a similar nature.
5.3. Also, the Receiving Party may disclose the Confidential Information of the Disclosing Party to the extent that such disclosure is: (i) approved in writing by the Disclosing Party, (ii) necessary for the Receiving Party to defend its rights under this Contract in relation to a legal proceeding; or (iii) required by law or by order of a court or similar administrative or judicial body, provided that the Receiving Party timely notifies the Disclosing Party about such mandatory disclosure in writing and cooperates with the Disclosing Party, upon request, in any legal action challenging or restricting the scope of said mandatory disclosure.
5.4. Personal Data: in the event that OCT8NE accesses personal data under the responsibility of the Customer during the provision of the Services, the provisions of the Privacy Annex of Oct8ne shall apply.
5.5. Cookies: In addition, Annex 2 (cookies) indicates the cookies that will be implemented in the Final Customer’s equipment during the provision of the Service. OCT8NE will collaborate with the Customer to indicate any additional information requested by the Customer to comply with the regulations applicable to cookies.
5.6. The obligations set forth in this clause will apply after the expiration or termination of this Contract.
6.- Term and Termination
6.1. The duration of this Contract will be the one define in the Details of the Subscription. Unless otherwise indicated in the Subscription Details, it may be renewed automatically for monthly or annual periods (as applicable) except in the case of written denunciation from one Party to the other at least thirty (30) calendar days before the renewal date.
6.2. Each Party accepts and acknowledges that if it has materially violated this Contract for any reason (including, but not limited to, the failure to pay the outstanding Fees), and such breach has not been corrected within fifteen (15) days after of the notification of non-compliance, the other complying Party may terminate this Contract by notifying the other with immediate effect.
6.3. Notwithstanding the foregoing, OCT8NE may suspend the Services provided to the Customer based on any breach by him of clause 1 or 2 of the Contract, and/or (b) in the case of delay or non-payment of any Fee for more than 10 calendar days. If the delay is greater than 20 calendar days, or the Customer, for a second time, incurs in a delay of more than 15 calendar days, OCT8NE may terminate the provision of the Service immediately by written notice to the Customer, and without prejudice to payment claims, damages in their favour. OCT8NE shall not be liable for any liability or damage suffered by the Customer as a result of such suspension or termination in accordance with this provision.
6.4. In case of termination of this Contract by OCT8NE for just cause, unless otherwise agreed in writing with OCT8NE, all the Customers’ rights to access or use the Service will terminate immediately.
Clauses 5 to 10 of the Contract will remain binding for the parties even if the Contract has been terminated or its duration has simply ended.
7.1. The Customer declares and guarantees to OCT8NE that (i) it has the power and the authority to sign this Contract and comply with the obligations set forth in it; (ii) any information provided to OCT8NE for the purpose of formalizing this Contract is authentic, correct and updated; and that (iii) the Customer has all necessary rights over the data that is delivered to OCT8NE in the course of using the Services; and (iv) the Customer will use the Services only for legal purposes and will not infringe any law or right of third parties.
7.2. OCT8NE warrants to the Customer that (i) it has the power and authority to sign this Contract and comply with the obligations set forth therein; (ii) OCT8NE will provide the Services in an efficient, diligent and professional manner and with the competition that is expected in the sector; (iii) the Services will be substantially in accordance with the Technical Documentation; and that (iv) OCT8NE has and will have during the term of this Contract the right to grant the rights granted under Section 1.
7.3. The Service Level Agreement in Annex 1 to this Contract establishes the only guarantee and the sole obligation and responsibility of OCT8NE in relation to the availability and/or provision of the Service, or its lack of availability and/or non-compliance.
7.4. Except for the express warranties described in this section, and to the fullest extent permitted by applicable mandatory law, the Services and any technology or access to them that OCT8NE provides pursuant to this Agreement are provided “as which “and OCT8NE does not offer any kind of guarantees, either expressly or implicitly, including, without limitation, guarantees of merchantability or fitness for a particular purpose or breach of rights of third parties.
7.5. OCT8NE does not guarantee that the Services will be uninterrupted or error-free; and does not offer any guarantee in relation to the results that could be obtained from the use of the Services or in relation to the accuracy, veracity or content of any information, good or service contained in the Services or provided through them. OCT8NE is not responsible for the content or loss of any data transferred to the Customer or by it, or saved by the Customer or any Customer’s End of the Customer through the Services.
8.- Limitation of liability
8.1. To the fullest extent permitted by applicable law, neither Party shall be liable to the other or to any other person for any indirect damages (including loss of profits or loss of goodwill), for any reason related to this Contract or for the purpose thereof, including derivatives of the use or inability to use the Service, or due to the results obtained through the Service or any interruption, inaccuracy, error or omission thereof, regardless of whether such liability is affirmed in based on a contractual, extra-contractual or other way.
8.2. Also, the liability of any of the Parties under this Contract for any direct damages either contractual or extra contractual (including negligence or otherwise) will, in no case, exceed the actual amount paid by the Customer for the Services that gave rise to said damage prior to the date of the damage (provided that the above limitation of liability is not considered as a waiver of any rights of OCT8NE to enforce this Contract in relation to the fees due to OCT8NE by the Customer in accordance with to Clause 4).
8.3. These limitations do not apply to damages caused by wilful misconduct or gross negligence of the parties or with respect to any physical injury to individuals or their death. In these cases, the Parties’ liability (and the liability of their affiliates, agents, content providers and service providers) will be limited to the extent permitted by applicable law.
9.- Intellectual and Industrial Property
9.1. OCT8NE and its licensors hold all intellectual and industrial property rights in the Service, including, but not limited to, the OCT8NE Technology, its contents, applications, the API and the user interface of the Service. All rights not expressly granted are reserved to OCT8NE.
9.2. This Contract does not imply a sale of any product, and does not give the Customer any right of ownership in or on the Service, including, but not limited to, the underlying OCT8NE Technology of the Service or any other Industrial Property right or Intellectual property owned by OCT8NE and its licensors.
10.- Other provisions
10.1. Applicable law. The validity, interpretation, enforceability and compliance with this Contract must be governed and interpreted in accordance with the laws of Spain.
10.2. Jurisdiction. Any claims and conflicts shall be filed to the competent courts of the city of Barcelona, Spain, to the exclusion of any other jurisdiction that may correspond to the Parties.
10.3. Reference. The Customer agrees to: (i) serve as a reference for OCT8NE; (ii) collaborate in press releases that advertise or promote the relationship between both Parties; and (iii) collaborate on case studies or other marketing material.
10.4. Force Majeure: Neither Party will be responsible for failure or delay in fulfilling its obligations under it (other than the obligation to pay the Fees) if said breach or delay is due to circumstances beyond its reasonable control.
10.5. Independent contractors The Parties and their personnel are and shall be independent entities and neither party under this Contract shall have any right, power or authority to act or create any obligation, express or implied, on behalf of the other party. This Agreement or any Subscription does not establish any joint venture or association, and the fulfilment of any obligations derived from this Contract or any subscription of services will not give rise to the creation of such relations.
10.6. Modification. Unless otherwise provided, this Contract may not be modified without the written consent of the Customer and a management position of the OCT8NE.
10.7. No-resignation. Failure to exercise and delay in exercising any right, remedy or power under this Contract shall not constitute a waiver of same, and the individual or partial exercise of any right, remedy or power under this Contract shall not prevent any other exercise or subsequent exercise thereof or the exercise of any other right, remedy or power established in this Contract or in accordance with law or equity. The waiver of any of the Parties regarding the time of performance of any act or condition under this Contract shall not constitute a waiver of the act itself or of the condition itself.
10.8. Assignment. This Contract will be binding for the Customer, OCT8NE and each one of their respective successors and assignees, and will be of benefit to them. The Customer may not assign or transfer the rights or obligations of this Contract, in whole or in part, without the prior written consent of OCT8NE, consent that will not be unjustifiably denied. Any attempt of assignment or transmission that fails to comply with the above will be considered void.
10.9. Integrity. If a court with competent jurisdiction considers any provision of this Contract to be invalid, unenforceable or void, the remaining conditions of this Contract will remain in full force and effect and the excluded provision will be replaced, to the extent possible, by a legal provision, enforceable and valid that is as similar as possible to the disposition excluded to the extent provided by law.
10.10. Personalization requests. OCT8NE will consider in good faith any request from the Customer to customize the Services provided (or any part of them). Any customization work must be agreed in writing between both parties at the usual OCT8NE rates in force at any time. The fees corresponding to any personalization work must receive the prior approval of the Customer so that OCT8NE can perform the same.
10.11. Notifications Any notice under this Contract must be sent to the address of the other party indicated in the Subscription Details, in writing and by registered, certified or urgent postal mail, or by courier service, by fax or email, to the email address indicated above (in the latter case, it will only be valid with confirmation of effective reception of the email). The notification will be considered delivered at the time of delivery or three (3) days after shipment, duly addressed and postage paid, whichever occurs first.
10.12. Indivisible contract. This Contract, together with the documentation that is incorporated by reference, constitutes the complete and exclusive declaration of mutual understanding of the parties in relation to the object of the Contract and supersedes any other statements.
Annex 1 – OCT8NE Service Level
This Annex on OCT8NE support services establishes the levels of service and support to be expected in relation to the OCT8NE Sales Suite Service. The purpose of this Annex is to guarantee maximum quality and timely delivery of the Services to OCT8NE Customers. The service level agreements established in this section constitute the warranties of OCT8NE against any claim regarding service levels.
How to contact us:
Free Intranet Technical Support Address: secure.oct8ne.com
Free Technical Email Support firstname.lastname@example.org
Hot line (registration required) Tel: (+34) +93285 65 13 / Time: 9:00-18:00 (GMT)
“Incidents applicable to Support” means:
(a) an availability failure of the OCT8NE Platform (the “Platform”); or
(b) a failure of the underlying technology in the Service (the “Software”) due to operating error or non-compliance with the specifications established in the Technical Documentation, which results in the impossibility of use, or the restriction in the use of services.
1.- Levels of Service. . OCT8NE offers the following levels of service:
- a) a) Service Availability : OCT8NE strives to provide the Services on a 24/7 basis. We try to avoid planning scheduled interruption periods during normal service hours or peak hours for the Service.
- b) Reliability of the Service: OCT8NE guarantees the time of availability of the Platform to 99% on an annual basis, except for scheduled interruptions and cases of force majeure. Scheduled interruptions will last less than 8 hours per month and will not exceed six (6) events/month. We will notify the Customer at least 48 hours before any scheduled interruptions.
Besides the scheduled interruption time, the availability of the service is guaranteed as follows:
|Availability %||Interruption / year||Interruption / month||Interruption / week|
|99%||4 days||8 hours||2 hours|
Also, the level of reliability (“availability”) depends on the availability and response times of Microsoft Azure, whose policies are exposed in the links indicated at the end of the document.
- c) Maintenance Service: Unscheduled interruptions will be resolved according to the severity levels defined in Section 5.
- d) Backups of data Backup copies of customer data are made regularly using the systems provided by Microsoft Azure. At least one full backup is done every week and the copy is stored for 35 days. In each week at least one incremental copy is stored daily.
- e) Recovery of data: If the OCT8NE Service fails due to an error by OCT8NE or a third party that provides the hosting service to the Platform (currently Microsoft Azure) and requires data recovery, there will be no charge for services of data recovery by copying / restoring security of procedures enabled for OCT8NE.
- Support Services. The support services for OCT8NE Sales Suite (“Support Services”) include (a) the guarantee of making available the Platform as indicated and (b) the implementation of the resolutions of incidents supported in the Platform.
- Contact us. Unless otherwise agreed, all Support Services are offered through the designated technical support contacts, or through the panel of each Agent, where it has a section for incidents. Otherwise, for general falls, contact us at the indicated phone number or email.
- Incidents not supported. The Support Service does not include:
a) Technical Assistance: questions about the use of the Services, the configuration or the customized development of computer systems (such as the customizations of any interface with the OCT8NE Sales Suite Service or the integration of the Service with data or software of any other manufacturer or provider), or technical problems not related to technical errors in the Platform or the Software.
- b) Improvement Requests due to a lack of the current characteristics of the OCT8NE Sales Suite Service, requiring new programming and/or requests for product improvements.
These issues are beyond the scope of the Support, according to the reasonable criterion of OCT8NE, support for this type of requests can be provided through professional services offers of OCT8NE (such as first level technical assistance, Training, Specialized Consulting or services of outsourcing). However, OCT8NE may review such additional support requests, which may be included in the release of a new version, at the discretion of OCT8NE. The decision of OCT8NE with respect to these requests will be notified to the Customer.
- Solutions and Critic nature. OCT8NE will make all commercially reasonable efforts to respond to the incidents subject to Support and display a solution designed to resolve an incident reported by the Customer in accordance with the Service Table below. When registering an incident, a priority level must be assigned, as described below in the Table, which will be confirmed or modified by OCT8NE.
|Level of severity of the incident||Incidence||Response by OCT8NE Support||Contact Method||Initial Response Time||Maximum resolution time||Contact frequency|
|Critical||A critical incidence implies that
– The service is affected critically or is completely inoperative.
– Critical operations or functionalities of the service are not operative.
– All efforts to use the Service by the user are blocked
|OCT8NE agrees to:
(1) assign specialist/s to correct the problem expeditiously;
(2) provide permanent communication about the situation via email and/or telephone according to the Customer’s preference
(3) start working towards the identification of a definitive solution or a temporary fix
|Indicate the incident directly through online access in the OCT8NE support portal.
The Customer can request OCT8NE to respond via telephone, if available in their support plan.
|2 hours (working hours)||8 hours (working hours)||The status is updated daily (on weekdays)|
|Major||A greater incidence implies that:
– The Service works with limited capabilities.
– The Service is unstable with periodic interruptions.
– The main function or purpose, is not affected but has experienced service interruptions.
– It is a question that affects the performance or the concrete results that the Final Clients receive.
|OCT8NE will assign a specialist to begin resolution of the incident and, to the extent that the OCT8NE Support Services staff reasonably deems it necessary, will initiate an escalation in the resolution procedures of OCT8NE.||Ídem||4 hours (working hours)||24 hours (working hours)||The status is updated weekly (in non-holiday period)|
|Lower||Lower incidence means that:
− There are errors that cause the partial loss of non-critical functionalities (it undermines some operations but allows the Client to continue functioning).
− It is necessary to clarify the procedure or information in the Documentation.
− There are errors in the service that could affect the performance of the services.
|Ídem||Ídem||8 hours (working hours)||48 hours (working hours)||NA|
|Trivial||Trivial incidence means that
– There are errors in the system that have little or no impact on performance
|Ídem||Ídem||8 hours (working hours)||1 week||NA|
|Change request||A change request implies that:
– There is a request for improvement of the Product
|OCT8NE will respond based on relevance and interest in the incorporation of this feature||Ídem||NA||NA||NA|
- Technical Support Contact. The Support Services will be accessible by the number of designated contacts (“Technical Contacts”) of the Customer. Customers may modify their Technical Contacts at any time during the term of the Contract by electronic mail whose receipt is confirmed by OCT8NE, or through the Support website. The Technical Contacts will be the only point of contact for Support Services.
- Conditions to provide support. OCT8NE’s obligation to provide Support Services is conditioned to the following: (a) related to the Services, the Customer will make reasonable efforts to correct the incident after consulting OCT8NE, if its participation is necessary; (b) the Customer will provide OCT8NE with sufficient information and resources to identify and correct the incident through the Support Portal, as well as access to additional personnel, hardware and software involved in the discovery of the incident (if necessary); (c) the Customer will obtain, install and maintain all the equipment, telephone lines, communication interfaces, operating system software and hardware necessary to correctly access the Service.
- Exclusions from the Support Service. OCT8NE is not required to provide support services in the following situations:
a) unsupported incidents referred to in section 4 above.
b) incidents caused by the integration or interface of technologies of the Customer with the Service performed by third parties (API integration, etc.), or negligence, the malfunction of the Customer’s hardware and software or other causes beyond our reasonable control;
c) incidents caused by third-party software used to access the Service that is not indicated, authorized by or through OCT8NE; or
d) Subscription fees for the provision of Support Services are pending payment.
- Suspension and termination of the provision of Support Services. OCT8NE reserves the right to suspend compliance with the Support Services if the Customer fails to pay any amount that must be paid under the applicable service contract, when such amount is due.
SLA Microsoft Azure:
MODIFICATION REGARDING THE PROCESSING OF PERSONAL DATA
This Modification on Privacy applies to any processing of personal data made by Manujola, SL, domiciled at Av. Coll del Portell, 41 Local 1 – 08024 Barcelona, (hereinafter the Supplier or Manager of the Treatment ) within the framework of the contractual relationship with any entities that contract the services of Oct8ne (hereinafter Customer or Responsible for the Processing.) When contracting the services of Oct8ne and/or clicking on the acceptance button of this Modification, the Customer accept the provisions of this Modification.
- The Customer has entrusted the Supplier with the provision of the services of a software solution for the interaction with the users and customers of electronic commerce in real time, marketed under the name “OCT8NE Sales Suite”, and offered by OCT8NE to its customers remotely in “Software as a Service”.
- For the proper provision of related services, the Customer shall make available to the Supplier certain personal data under its responsibility, including, without limitation, the categories of data indicated in Annex I to this Addendum.
- Likewise, for the correct provision of the services, the Supplier must contact and manage the commercial relationship with the Customer. For this purpose, it deals with certain personal data of the contact persons of the Customer. Its treatment is governed by the provisions of Annex IV to this modification.
- In compliance with the regulations in force in Protection of Personal Data, both parties freely agree to regulate the access and processing of the aforementioned personal data, based on the following.
For all the purposes of this contract, they are understood as:
- Personal data:all information identified or identifiable of an individual; any person whose identity can be determined, directly or indirectly, in particular by means of an identifier, such as a name, an identification number, location data, an online identifier or one or several elements of the identity, physical, physiological, genetic, psychic, economic, cultural or social will be considered an identifiable physical person.
- Responsible for processing:the individual or legal person, public authority, service or other body that processes personal data on behalf of the Data Controller.
- Stakeholder:is the identified or identifiable individual
- Responsible for processing:the individual or legal entity, public authority, service or other body that, alone or together with others, determines the purposes and means of treatment.
- Treatment:any operation or set of operations performed on personal data or personal data sets, either by automated procedures or not, such as collection, registration, organization, structuring, conservation, adaptation or modification, extraction, consultation, use, communication by transmission, diffusion or any other form of access authorization, collation or interconnection, limitation, suppression or destruction.
- Violation of personal data security: any breach of security resulting from the destruction, loss or accidental or unlawful alteration of personal data transmitted, stored or otherwise processed, or unauthorized communication or access to said data.
- Purpose and term
The purpose of this Modification on personal data processing that the Controller makes available to the Data Controller so that he can provide the services identified in Annex A. The term of this contract is defined under the mercantile agreement that has been formalized between both parties.
- Accessed data and purpose of the process
The Data Controller may access the category of the interested parties and data set out in Annex I of this contract. Access by the Data Controller to the personal data of the Controller shall be solely and exclusively to comply with the purposes related in Annex A.
- Obligations and rights of the Controller
According to current regulations in Protection of Personal Data, the Controller must:
- a) Apply appropriate technical and organizational measures in order to guarantee and be able to demonstrate that the processing in according to current legislation
- b) Adopt data protection policies
- c) Guarantee that the Data Protection Delegate or, failing that, the Privacy Manager participates adequately and in a timely manner in all matters related to the protection of personal data
- d) Adhere to the Code of Conduct approved by the Commission or corresponding body
- e) Keep a record of the activities in case of processing personal data that pose a risk to the rights and freedoms of the interested party and/or in a non-occasional manner, or that involves the processing of special categories of data and/or data related to convictions and infractions.
- f) Make available to the interested parties the essential aspects of this agreement, at the request of the Data Controller.
- g) Indistinctly attend the legal exercises established in the regulations in force in Protection of Personal Data and complying with the provisions indicated in clause 5 even if said exercise is addressed to the Data Controller.
- h) Indicate to the end-users the use of the cookies indicated in Annex III, in the use of the services of the Provider.
- Obligations and rights of the Data Controller:
According to the current regulation regarding data protection, the Data Controller commits to:
- a) Treat personal data only following documented instructions of the Responsible, including with respect to transfers of personal data to a third country or an international organization, unless required to do so under Union law or the Member States that apply to the manager; in such case, the person in charge will inform the person in charge of that legal requirement prior to the treatment, unless such Law prohibits it for important reasons of public interest.
- b) Guarantee that the persons authorized to process personal data have committed to respect confidentiality or are subject to an obligation of confidentiality of statutory nature.
- c) Take all appropriate technical and organizational measures to ensure a level of security appropriate to the risk of treatment.
- d) Respect the conditions set to resort to another Data Controller, as established in the regulations in force in Protection of Personal Data.
- e) Assist the Controller, taking into account the nature of the process, through appropriate technical and organizational measures, whenever possible, so that it can fulfil its obligation to respond to requests that have the object of the exercise of rights of the interested.
- f) Help the Controller to guarantee compliance with their obligations, taking into account the nature of the treatment and the information that is available to them.
- g) At the discretion of the Controller, delete or return all personal data once the provision of the services end, and delete the existing copies unless the preservation of personal data is required under Union law or Member States.
- h) Make available to the Controller all the necessary information to demonstrate compliance with the obligations established in this article, as well as to allow and contribute to the performance of audits, including inspections, by the person in charge or by another auditor authorized by the controller.
- i) Treat the personal data made available to the Controller in a way that ensures that the staff under his/her charge follows the instructions.
- j) Guarantee that the Data Protection Delegate or, in the absence thereof, the Privacy Manager participates adequately and in a timely manner in all matters related to the protection of personal data.
- k) Adhere to the Code of Conduct that may be approved by the Commission or corresponding body.
- l) Keep a record of treatment activities in case of processing personal data that pose a risk to the rights and freedoms of the interested party and / or in a non-occasional manner, or that involves the processing of special categories of data and / or data related to convictions and infractions.
- m) Indistinctly attend the legal exercises established in the regulations in force in Protection of Personal Data and complying with the stipulations indicated in clause 6 even if said exercise is addressed to the Controller.
- Exercise of rights by the interested party
If an Interested Party sends any request or exercises any of the rights established in the current regulations on Protection of Personal Data, the Controller and/or Data Controller must provide information on the requested and performed actions, without delay and, at the latest, within one month of receiving the request, which may be extended for a further two months if necessary, taking into account the complexity of the application and the number of requests. In the same sense, but in the event that the Controller and/or the Data Controller does not follow up on the request of the interested party, it will inform him/her without delay, and no later than one month after the receipt of the request, of the reasons why he has not acted and of the possibility of presenting a claim before a Control Authority and of filing a judicial appeal. The response to the request to the exercise of right will be made in the same format that the interested party has used, unless it requests that it be proceeded otherwise.
- International Data Transfer:
International transfers of personal data can only be made if the requirements of the Spanish Agency for Data Protection or any other national or community regulations that regulate them are complied with. In the event that an International Data Transfer is carried out or is planned to be made, this type of treatment must be regulated independently of this contract for the rendering of services, which will be binding between the parties from the moment of signing. Said regulation will be referenced as an Annex and will be attached to this contract. If some of the parties decide to carry out International Transfers of Data, without the consent of the other party, the FIFTH clause will be rendered null and void, freeing the affected party from any liability that may arise.
As the Data Controller, the Supplier can provide access to the Customer’s Personal Data to a subcontractor (Assistant Data Controller) if it considers that such access and treatment is necessary for the proper performance of the Services. In the case of such access and before access occurs, the Supplier will ensure that there is an agreement with the third party that is sufficient to require it to process the personal data in accordance with the applicable provisions of this Contract and the applicable regulations. The Customer authorizes the Supplier to subcontract said treatment on its behalf to the assistant data controllers indicated in Annex II, and recognizes that the security policies indicated by said sub-contractors gather sufficient guarantees for the correct treatment of their data.
- Violation of data security
As soon as there is an instruction from the control authority, a national legislative development that regulates these communications or a delegated act, in case of violation of the personal data security e, the Controller and/or the Data Controller will notify it to the competent Control Authority without undue delay and, if possible, no later than 72 hours after having had it.
- Termination, resolution and extinction
The termination, resolution or extinction of the contractual relationship for the provision of services between the Controller and the Data Controller, will oblige the latter to preserve the personal data provided by the former, provided that there is a legal obligation of conservation. Once the deadline for covering legal liabilities has elapsed, the personal data must be destroyed or returned to the Controller, as well as any support or document that contains any personal data.
According to current regulations on the Protection of Personal Data and for the provision of services that are expressed in this contract, the Data Controller will deal with the type and category of data of the Controller, which are detailed herein:
|Type of interested party||Data category|
|Web users of the customer (visitor)||– Identification: Email, Name.
– Contact: Telephone (Optional). Zip code (optional).
– Technicians: Client IP, URL, Browser, Operating system
|Information stored in visitor browser cookies||– Status: Visitor status, viewer status, user app.
– Technical ID: Internal identifier of the Visitor, of the Visitor’s room, of the session, of the open socket connection, if it is a new or recurring visitor.
– Management: messages not read by the visitor, system blocking, oct8ne opening within iframes, agent and dept assignment, session summary.
|Information stored in visitor browser Storage session||– Activity: the products seen from the visitor, cart, search,
– Techniques: URL, cache, sound level,
– Interaction: messages, video call, idle time
|Customer agent information||– Techniques: IP, browser, Operating System
– Identification: Name, email,
– Contact: email, phone, Skype user (optional)
|Information stored in agent browser cookies||– Technical identification: Internal identifier of client and agent,,
– Configuration: time difference, dashboard language, signup language, open socket connection
|Information stored in agent browser Storage session||– Activity: search, cache, products seen,
– Information session: currency, active filters
ANNEX II – Authorized assistant controllers
|Assistant controller||Type of process||URL with privacy / security policy|
|Microsoft Azure||Service host||https://privacy.microsoft.com/es-es/privacystatement|
|Recurly||Subscription and payment management||https://recurly.com/legal/privacy|
ANNEX III – Oct8ne cookies
|oct8ne-status||Contains the current status of the visitor.||This cookie is stored for 30 minutes as long as it does not change its status, if it does, the expiration time is restored.|
|oct8ne-visitor||Contains the unique visitor identifier to recognize the number of customer visits.||This cookie lasts one year|
|oct8ne-room||Contains the identifier of the current session.||This cookie is for the session; as soon as oct8ne or the browser closes, it is automatically deleted.|
|oct8ne-coviewer||Contains the current status of the viewer..||This cookie is for the session; as soon as oct8ne or the browser closes, it is automatically deleted.|
|oct8ne-session||Contains the numeric identifier of the session.||This cookie is for the session, as soon the browser closes it is automatically deleted.|
|oct8ne-connection||Contains the identifier of the connection in real time. Only if there are agents connected to establish the connection.||This cookie is for the session, as soon as oct8ne closes it is automatically deleted|
|oct8ne-pendingMessages||Contains the number of unread chats when the chat is minimized.||This cookie is for the session, as soon as oct8ne or the browser closes it is automatically deleted, also when it is opened again the chat is deleted.|
|oct8ne-statusBeforeMin||It contains the last status of the viewer before minimizing it.||This cookie is for the session, as soon as oct8ne or the browser closes it is automatically deleted, also when it is opened again the chat is deleted.|
|oct8ne-triggered||When oct8ne is opened from “trigger”, we activate the cookie to avoid making checks to open oct8ne automatically.||This cookie is for the session, as soon the browser closes it is automatically deleted|
|oct8ne-product-page||This cookie is added when you go to the page of a product from the “add to cart” button in the Oct8ne viewer.||This cookie is for the session, as soon the browser closes it is automatically deleted|
|oct8ne-login||This cookie is added when you go to the login page from the “Login” button in the Oct8ne viewer.||This cookie is for the session, as soon the browser closes it is automatically deleted|
|oct8ne-block||If the visitor has already been previously blocked, oct8ne is no longer activated from the beginning.||This cookie lasts 6 hours|
|TestMode||If oct8ne is deactivated and the administrator wants to test the site, we add this cookie to activate only oct8ne|
ANNEX IV –The Supplier as Controller
According to the data protection laws, it is necessary to process the personal identification data of (a) the people mentioned in the service contract and (b) the Customer’s technical and commercial contact persons (name, surname, position, email address and telephone number) for the correct execution of the contract, for the sending of technical, administrative and commercial communications, for the billing of the contracted services, and in general to administer our contractual and commercial relationship with the Customer and to inform you of Immediate on any aspect related to the services provided or that may be performed by the Company in the future.
Said personal data will not be shared with third parties, however, it will be treated in our CRM, a service provided by Zoho CRM, which is an entity within the “EU-US Privacy Shield” program based in the United States, with which we have a contract for data processing that meets the sufficient guarantees in accordance with the applicable regulations. The Supplier shall keep the aforementioned data during the term of the service contract and then store it in a blocked manner, for 6 years after its termination, for fiscal, administrative and legal purposes.
Although the consent of the aforementioned people is not necessary for this treatment, the Customer agrees to inform them of the possibility of exercising their rights of access, rectification, cancellation and opposition, limitation and restriction of treatment in the terms established by the current legislation, writing to the following address: email@example.com . If you wish, you can also file a complaint with the Spanish Agency for Data Protection.
The Customer declares that the data of the aforementioned persons are correct and up to date, and undertakes to (a) communicate the provisions of this clause to the aforementioned persons and (b) communicate any modification of said data to the Supplier, to keep them updated.