TERMS AND CONDITIONS

1. INTRODUCTORY PROVISIONS

1.1 These Terms and Conditions for the use of the Brands360 portal (hereinafter “Terms and Conditions”) regulate mutual rights, obligations and principles of the contractual relationship between Brands360 Sp Zoo., with its registered office at OS Stare Zegrze 10/11, VAT No.: PL7831711836, entered in the Commercial Register maintained by the Regional Court in Poznan, Poland (hereinafter “Provider”), and the Provider’s con¬tracting partner that has successfully registered in the Brands360 portal (hereinafter “User”).
1.2 These Terms and Conditions form an integral part of the contractual relationship between the Provider and the User, in accordance with Section 1751(1) of Act No. 89/2012 Coll., Civil Code, as amended (hereinafter “Civil Code”).

2. DEFINITIONS OF SERVICES PROVIDED

2.1 The Provider operates the Brands360.biz portal (hereinafter “Portal”) to provide communication services, based on SMS, e-mail and other alternative communication technologies. These services allow you to send messages from the Portal and from third-party applications through the API to the Users’ final recipients. It also allows messages to be received and their content to be processed (hereinafter “Service”).

3. PROVIDER’S RIGHTS AND OBLIGATIONS

3.1 The Provider, hereby, undertakes to provide the User with the Service under the conditions stipulated herein.
3.2 The Provider reserves its right to verify payment before the Service can be used and not to transfer credit to the User for the payment in the case of any doubt (e.g. the payment seems fraudulent, the identity of the person sending the payment does not match the User, etc.).
3.3 The Provider shall not be liable for the content of messages sent by the User when using the Service. The User shall be exclusively liable for the content from the electronic communication.
3.4 The Provider undertakes to ensure the operation of the Service, including all necessary hardware and software of the Provider so that it can be used by the User.
3.5 The Provider shall keep its equipment in such a technical and operating condition to ensure that the User can use the Service in the usual quality.
3.6 The Provider is entitled to change essential technical parameters of the Service if said change is a result of significant changes of the Service’s technical parameters by mobile operators or other irreplaceable providers.
3.7 The Provider is entitled to extend and improve the Service, implement new features of the Service and develop the technology used.
3.8 The Provider is entitled to enter the User into its electronic database of Service users, monitor and archive operations performed by the User when using the Service in order to evaluate and improve the quality of the provided Service.
3.9 If the User violates any of the provisions of the Terms and Conditions or a binding legal regulation, the Provider is entitled to request the User to provide compensation for any potential damage incurred by the Provider, such as contractual penalties or other sanctions that the Provider has paid or will pay to third parties (national authorities, mobile operators, other contracting partners) due to the violation of a contractual or legal obligation of the User.
3.10 The Provider shall not be liable for any misuse of funds in the accounts of registered Users of the Portal by third parties. However, the Provider shall take necessary action to prevent such misuse.
3.11 The Provider is entitled to archive the history of messages sent and received and the User’s IP address for 4 years, mainly to be able to provide public authorities with necessary assistance.
3.12 The Provider shall archive issued invoices for 5 years after their issue date for accounting purposes.

4. USER’S RIGHTS AND OBLIGATIONS

4.1 The User shall use the Service exclusively for their own need and shall not disclose their username and password for the Service to a third person without the Provider’s prior written consent Provider. The User shall protect its password and take all appropriate and necessary measures to prevent third persons from accessing the password. If the User violates this obligation, the User shall be liable for any damage incurred by the Provider as a result of that; in this case, the Provider shall not be liable for any damage incurred by the User.
4.2 The User shall not use the Service to bother third parties, in particular, to send unsolicited data (spam). In accordance with Act No. 480/2004 Coll., on certain information society services, as amended, the User is obliged to have the addressee’s consent to receiving business communications. Under this Act, the User’s business communications text shall also contain the identity of the sender on whose behalf the communication takes places, and clearly and distinctly mention that addressees may express their disinterest in receiving further business communications free of charge.
4.3 The User is not entitled to choose a name for the sender that is not associated with the User of the Service and gives the impression that the User of the Service is another generally known user (Facebook, Google, Apple, Instagram, Halifax, HSBC etc.).
4.4 The User is not entitled to insert and send content that gives the impression that the sender is another generally known user (phishing).
4.5 When registering or verifying the phone number in the Portal, the User is not entitled to enter somebody else’s phone number. 4.6 The User is not entitled to enter or import any of its end users’ sensitive data into the Portal.
4.7 The User shall inform the Provider without undue delay about any circumstance or fact known to the User in advance (e.g. excessive volume of distributes messages) which could affect the use of the Service.
4.8 The User is not entitled to use the transactional channel for sending bulk (i.e. advertising) messages.

5. PAYMENTS

5.1 The User undertakes to pay the Provider a fee for the use of the Service according to the current valid price list.
5.2 The User undertakes to pay the fee for the use of the Service in advance by means of pre-paid credit which will be afterwards credited to the User’s account registered in the Portal.
5.3 The validity of purchased credit is unlimited; this shall be available without prejudice via Art. 7.2.1 of the Terms of Conditions.

6. COMPLAINT PROCEDURE

6.1 The Provider shall not be liable to the User for any damage incurred by the User when providing and/or using the Service that has occurred without the Provider’s fault and/or due to circumstances excluding liability.
6.2 In particular, the Provider shall not be liable for damage caused, other than proper and timely sending and/or delivering of messages if the message is transmitted to an operator’s paid network or if the Service is unavailable for reasons attributable to third parties, particularly to operators, due to intervention of national authorities and/or for reasons for which the company cannot be held liable (force majeure).
6.3 The liability for any Service defects will be addressed in a complaint procedure. A complaint relating to the Service can be lodged via the contact form or by a written notice sent to the Provider’s re¬gistered address. If the complaint is legitimate, the Provider will re-supply the Service without undue delay.

7. PRIVACY

7.1 Brands360 will not intercept, monitor, copy or disclose any User messages or personal information about the User or the User’s Brands360 account, phonebook or MSISDN’s, other than in the normal course of the use of the Services, without the User’s prior permission unless Brands360 believes in good faith that such action is necessary to conform to legal requirements, to co-operate or comply with legal process, investigations, summonses, subpoenas and the like, to protect and defend the rights, property or legally protectable interest of Brands360, the User or other third party, to enforce any of the provisions of these terms and conditions or to protect Brands360´s business or reputation. The User agrees that Brands360 may access its account and message contents for the purposes described above without notice and in order to respond to service or technical issues and that Brands360 may communicate with the User from time to time for purposes including, but not limited to, communicating information regarding any updates, upgrades, notices, or other information.
7.2 A recipient of a message has the right to know the identity of the sender, and this will be disclosed on request to the recipient.
7.3 Users agree that Brands360 may make use of website visitor and non-identifiable account usage data for statistical and analytical purposes. When making use of these services, Brands360 does not process or share any data that allows any third party to identify any individual persons. In accepting these terms services, a user agrees that Brands360 may use and share de-personalised data for the analytics purposes set out above.
7.4 Users agree that they shall not violate any privacy laws, regulations or applicable codes of conduct relating to the protection of personal information of End Users including but not limited to names, addresses, email addresses, landline and mobile telephone numbers and shall not disclose the personal information of end users to any third party save without the express consent of the End User or where specifically required or permitted by law to do so.
7.5 Where the personal data of any EU member state subject is transferred to Brands360 in a non-EU member state for processing, Brands360 undertakes to ensure technical and organizational security measures that provide a level of protection appropriate to the risks represented by the processing of such data and in order to protect such data against accidental or unlawful destruction, accidental loss, alteration, unauthorized disclosure or access or any other unlawful form of processing. For further information on Brands360’s Privacy Policy please refer to page on web site Brands360.

7.1 Brands360 will not intercept, monitor, copy or disclose any User messages or personal information about the User or the User’s Brands360 account, phonebook or MSISDN’s, other than in the normal course of the use of the Services, without the User’s prior permission unless Brands360 believes in good faith that such action is necessary to conform to legal requirements, to co-operate or comply with legal process, investigations, summonses, subpoenas and the like, to protect and defend the rights, property or legally protectable interest of Brands360, the User or other third party, to enforce any of the provisions of these terms and conditions or to protect Brands360´s business or reputation. The User agrees that Brands360 may access its account and message contents for the purposes described above without notice and in order to respond to service or technical issues and that Brands360 may communicate with the User from time to time for purposes including, but not limited to, communicating information regarding any updates, upgrades, notices, or other information.
7.2 A recipient of a message has the right to know the identity of the sender, and this will be disclosed on request to the recipient. 7.3 Users agree that Brands360 may make use of website visitor and non-identifiable account usage data for statistical and analytical purposes. When making use of these services, Brands360 does not process or share any data that allows any third party to identify any individual persons. In accepting these terms services, a user agrees that Brands360 may use and share de-personalised data for the analytics purposes set out above.
7.4 Users agree that they shall not violate any privacy laws, regulations or applicable codes of conduct relating to the protection of personal information of End Users including but not limited to names, addresses, email addresses, landline and mobile telephone numbers and shall not disclose the personal information of end users to any third party save without the express consent of the End User or where specifically required or permitted by law to do so.
7.5 Where the personal data of any EU member state subject is transferred to Brands360 in a non-EU member state for processing, Brands360 undertakes to ensure technical and organizational security measures that provide a level of protection appropriate to the risks represented by the processing of such data and in order to protect such data against accidental or unlawful destruction, accidental loss, alteration, unauthorized disclosure or access or any other unlawful form of processing. For further information on Brands360’s Privacy Policy please refer to page on web site Brands360.

8. TERMINATION OF SERVICE, ACCOUNT CLOSURE

8.1 The Provider is entitled to terminate the provision of the Service at any time without any compensation in the following cases.
8.1.1 The User uses the Service contrary to the law of the country in the territory of which the Service is provided or in contradiction with the Polish law.
8.1.2 The User uses the Service contrary to the terms of services of mobile operators or other irreplaceable service providers.
8.1.3 The User uses the Service contrary to the Terms and Conditions.
8.1.4 A mobile operator or an administrative authority recommends or orders the termination or suspension of the Service, or
8.1.5 The User acts contrary to paragraphs 4.2 to 4.6 and 4.8 of the Terms and Conditions.
8.2 The Provider is entitled to close the User’s account without any compensation in the following cases
8.2.1 The User has not logged in the Portal for more than 2 years, or 8.2.2 The User has not purchased credit within 6 months after successful registration in the Portal.

9. FINAL PROVISIONS

9.1 Matters that are not expressly regulated by these Terms and Conditions shall be governed by the applicable legal regulations of the Poland.
9.2 The Terms and Conditions shall become valid and effective upon checking the box “I agree with the Terms and Conditions” by the User when registering in the Portal and upon successfully completing the registration in the Portal.

AGREEMENT ON PERSONAL DATA PROCESSING

The Processor undertakes to process personal data for the controller in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), and under the following conditions:

1. INTRODUCTORY PROVISIONS

1.1 For the purposes of this Agreement, the processor shall be Brands360 Sp Zoo., with its registered office at OS Stare Zegrze 10/11, VAT No.: PL7831711836, entered in the Commercial Register maintained by the Regional Court in Poznan, Poland.
1.2 For the purposes of this Agreement, the controller shall be the registered user of the www.brands360.biz portal and associated applications (hereinafter “portal”) which alone or jointly with others determines the purposes and means of the processing of personal data of its contracting partners entered or imported into the portal.
1.3 The processor shall perform activities for the controller that are further described in the current version of the Terms and Conditions (hereinafter “Terms and Conditions”).
1.4 For the purposes of this Agreement, personal data shall mean any information related to the controller’s con¬tracting partners that is protected under the relevant legislation.

2. SUBJECT AND PURPOSE OF AGREEMENT

2.1 The subject of processing under this Agreement is the personal data listed below.
2.2 The purpose of this Agreement is the controller’s au-thorisation provided to the processor, enabling the provider to process the above-mentioned personal data and the regulation of mutual rights and obligations of the controller and the processor arising from the legislation for the protection of personal data, particularly from Regulation (EU) 2016/679 of the European Parliament and of the Council, when providing services according to the processor’s Terms and Conditions.

3. NATURE AND SCOPE OF PROCESSING, CATEGORIES OF DATA SUBJECTS AND DATA TYPES

3.1 The Processor is entitled and undertakes to process personal data under this Agreement, exclusively for the purpose and in accordance with the Terms and Conditions and this Agreement. The data will be processed electronically.
3.2 The controller, hereby, instructs and authorises the processor to process personal data to the extent and in the manner specified in this Agreement.
3.3 The Processor shall process, for the controller, personal data related to controller’s con¬tracting partners that the controller enters or imports in the portal. The controller shall be exclusively liable for personal data entered or imported into the portal as the processor is not able to influence the type of personal data provided.
3.4 In relation to the above-mentioned categories of data subjects, the processor shall process the following types of data for the controller:
Identification data: first name, surname, date of birth, age
Contact details: phone number, e-mail address, mailing address
Other data: web URL, gender, degree, billing details, photo, location data.
3.5 The processor is entitled to process other personal data to a minimum extent that is necessary to conduct business in accordance with the Terms and Conditions or to fulfil obligations imposed by legal regulations.

4. PROCESSOR’S RIGHTS AND OBLIGATIONS

4.1 The processor warrants the controller that when processing personal data, such technical and organisational measures are taken to ensure the compliance with all principles of personal data processing stipulated by applicable legal regulations. For this purpose, the processor shall:
a. minimise the number of persons who have access to personal data (individual types of personal data can only be accessed by certain persons with a specific user authorisation and data carriers are stored in secured areas);
b. train its employees;
c. examine the compliance with the employees’ obligations arising from the legislation for the protection of personal data and organisational measures of the processor; d. follow its internal guidelines when processing personal data; and
e. take such technical measures to protect personal data that corresponds to the risk to the data subject’s rights, taking into account the state-of-the-art, the cost of implementation and the nature, scope, context and purposes of processing, and regularly test and check these measures.
4.2 The processor undertakes to:
a. provide the controller with information necessary to demonstrate compliance with obligations under the law and information about the level of security of personal data at the controller’s re¬quest;
b. if agreed by the controller and the processor, provide the controller with assistance when:
o fulfilling the controller’s o¬bligations, arising from potential requests from data subjects to exercise their rights under the legislation for the protection of personal data;
o reporting personal data breaches to the supervisory authority or the data subject; or o fulfilling the controller’s in¬formation obligation.
4.3 The processor is obliged to:
a. protect personal data, as well as carriers containing such data against misuse;
b. prevent accidental or unlawful destruction, loss and alteration of and unauthorised access to personal data and carriers containing the data;
c. ensure that personal data is processed only by persons that have undertaken the confidentiality obligation or that are bound by the confidentiality obligation under the law; or
d. process personal data for a purpose other than those stipulated by this Agreement only with prior consent from the controller or after obtaining consent from data subjects. 4.4 The processor is entitled to:
a. authorise another processor to process personal data only under the conditions specified in Art. 6 of this Agreement; and
b. refuse to follow a controller’s in¬structions if these instructions are contrary to the legislation for the protection of personal data. The processor shall notify the controller of said contradiction with applicable legal regulations.

5. CONTROLLER’S RIG¬HTS AND OBLIGATIONS

5.1 The controller declares that they are the controller of personal data under the applicable legal regulations, i.e. the person determining the purpose and means of personal data processing.
5.2 The controller shall:
a. ensure that personal data is obtained and processed in accordance with applicable legal regulations;
b. fulfil the information obligation towards data subjects arising from applicable legal regulations;
c. provide the processor or ensure that the processor is provided with personal data that is accurate, up-to-date and corresponds with the performance under the Terms and Conditions; and
d. provide the processor with personal data in a timely manner and with the assistance necessary for the performance under this Agreement.
5.3 When processing personal data, the controller shall take technical and organisational measures to ensure the compliance with all principles of personal data processing stipulated by applicable legal regulations. For this purpose, the controller shall:
a. minimise the scope of personal data processed;
b. minimise the number of persons with access to personal data; and
c. take said technical measures to protect personal data that corresponds to the risk to the data subject’s rights, taking into account the state-of-the-art, the cost of implementation and the nature, scope, context and purposes of processing.

6. FURTHER PROCESSING

6.1 The controller, hereby, grants the processor consent to the authorisation of another processor to process personal data if it is necessary for the provision of the service agreed in the Terms and Conditions.
6.2 The processor is explicitly entitled to disclose personal data for the above purpose, in particular to mobile operators, SMS aggregators and other providers of telecommunication services.
6.3 The controller, hereby, grants the processor its explicit consent to the transfer of personal data to third countries for the purpose of performance under the Terms and Conditions.

7. DURATION OF PROCESSING

7.1 The duration of personal data processing corresponds to the duration of the service provision under the Terms and Conditions agreed between the controller and the processor.
7.2 After the termination of the contractual relationship, the processor is entitled to process personal data to the extent and in the manner specified in the Terms and Conditions.

8. FINAL PROVISIONS

8.1 This Agreement and rights and obligations arising from the Agreement shall be governed by the laws of the Czech Republic.
8.2 This Agreement shall become valid and effective upon checking the box “I agree with the Agreement on personal data processing” by the controller when registering in the portal and upon successfully completing the registration in the portal.

PRIVACY POLICY

At BRANDS360, we care about your personal data. It is very important to us to be transparent about the data we collect about you, how we use such data and with whom we share it. We do not directly interact with our customers’ end users, and all the information that our Customers submit is shared with us on their sole discretion in accordance with the General Service Terms and Conditions, Agreement for Services and Data Processing Agreement concluded with our Customers.

This Policy describes the principles of processing of Personal Data that is submitted to BRANDS360 or that otherwise becomes available to BRANDS360 in connection with use by the Clients and other users of the Website, Software and Services. This Policy is an agreement between the Clients and BRANDS360, which states how Personal Data submitted by the Clients is processed by BRANDS360 on behalf of the Clients.Please read this Policy carefully to understand the practices that BRANDS360 applies regarding processing of Personal Data.

This Policy constitutes an integral part of the agreement entered into between the Clients and BRANDS360. By viewing the Website and/or using the Software and Services, the Clients confirm that they have familiarized themselves with this Policy, understood it and agree to its terms. Upon initial registration with BRANDS360, the Clients (via their authorized representatives) also confirm the above-said by creating the account, which declares the Client´s acceptance of and consent to the processing of Personal Data as described in this Policy. This Policy also constitutes an agreement between the Clients (as controllers of Personal Data) and BRANDS360 (as processor of Personal Data) in the meaning of article 28 of GDPR (General Data Protection Regulation (EU) No 2016/679 of the European Parliament and Council).

BRANDS360 shall be entitled to unilaterally review and amend this Policy from time to time. Therefore, BRANDS360 advises to periodically review the Policy in the case of any changes to it. Continued use of the Website, Software and Services means the consent to any such changes. If the Client or other users do not agree with any or all terms of this Policy or any possible changes to it, then they should immediately close the Website and cease using the Software and Services. BRANDS360 has drafted this Policy in cooperation with its legal adviser in accordance with the requirements of GDPR. BRANDS360 does its best to ensure that processing of Personal Data is in full compliance with applicable legal requirements.

DEFINITIONS

Client(s) means legal persons, who register themselves on the Website and use it and the Software in accordance with the Terms and this Policy for the purpose of using the Services.
Data Subjects means all natural persons, whose personal data is submitted to BRANDS360 in connection with using the Website, Software and the Services, including recipients of the Services (clients of the Clients).
GDPR means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC.
Policy means this privacy policy of BRANDS360 as amended from time to time.
Personal data means any information relating to an identified or identifiable natural person (‘data subject’). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Processing means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Service(s) means a business text-messaging service for sending notifications, alerts, reminders, confirmations and email or SMS marketing campaigns. Service is rendered via a Website-based platform or by using the Software.
Software means web-based interface, mobile app and other downloadable and integrable software developed and maintained by BRANDS360 for the purpose of provision of the Services.
BRANDS360 means Brands 360 Sp Zo.o., a limited liability company registered in Poland under company number PL7831711836 with the registered office at OS Stare Zegrze 10/11, ZIP 61-249, Poland, European Union and all its affiliates.
Terms means the terms of service of BRANDS360 that establish the terms and conditions of using the Website, Software and Services by the Clients and other users.
Website means the websites of www.BRANDS360.biz

PERSONAL DATA THAT BRANDS360 PROCESSES. OBJECTIVES OF PROCESSING

For the purpose of provision of the Website, Software and the Services, BRANDS360 processes the Personal Data that the Clients provide about their own clients, who are the recipients of the Services. The types of such data are not restricted and depend on the decision of the Clients how they want to use the Services and generally include the name, contact telephone number, but may also include e-mails, avatars, country, addresses etc.

BRANDS360 keeps the register of the Personal Data that it processes in accordance with this Policy.
BRANDS360 processes the Personal Data upon:

  • usage of the Software and Services by the Clients, including when they submit to BRANDS360 information about their clients;
  • communication between Clients and/or Data Subjects with customer support of BRANDS360 in connection with the Website, Software and Services

 

BRANDS360 works closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers) and may receive Personal Data from them;
BRANDS360 sends messages to the Clients by electronic means (e-mail or SMS) with information about improvements of the Website, Software and Services, new proposals and developments (direct marketing). BRANDS360 sends such messages to the contact details provided by representatives of the Clients at the moment of registration or updated later. The Clients confirm hereby and guarantee that contact details provided by representatives of the Clients are at all times company details of the Clients, but not personal contact details of representatives and therefore BRANDS360 can use such contact details freely to send its marketing messages without any additional obstacles. The Clients may at any time unsubscribe from the newsletters by clicking on the corresponding specific link contained in each newsletter.

LEGAL BASIS FOR PROCESSING PERSONAL DATA

BRANDS360 processes Personal Data in accordance with the laws of the location of BRANDS360 and its affiliates, where the processing of Personal Data is conducted.
BRANDS360 processes Personal Data submitted to it by the Clients based on the contracts with the Clients for the purpose of using the Website, Software and Services and to the extent that this data is provided by the Clients.
In accordance with Article 4 (7) of GDPR the Clients are the controllers of Personal Data that they submit to BRANDS360 for the purpose of using the Website, Software and Services, including the data regarding clients of the Clients that the Clients submit to send and receive SMSs to and from their clients as recipients. According to Article 4 (8) of GDPR BRANDS360 acts as the processor on the Client’s behalf when processing the Personal Data submitted by the Clients. Therefore, the Clients:

  • are fully responsible for the processing of Personal Data that they submit to BRANDS360;
  • guarantee to BRANDS360 explicitly that the Clients in order to use the Website, Software and Services have all the necessary consents and/or other legal grounds from Data Subjects for lawfull processing of Personal Data in accordance with this Policy;
  • confirm that they have obtained from the Data Subjects all the necessary consents for submitting of Personal Data to BRANDS360 and processing of such data in accordance with the terms of this Policy;
  • have a full overview of Personal Data that they submit to BRANDS360 and guarantee that all such data that they submit is necessary for use by them of the Website, Software and Services and is kept up-to-date;
  • oblige to inform BRANDS360 immediately of the expiry of legal grounds for processing, modification, inaccuracy or change to the Personal Data that the Clients submit to BRANDS360.

 

When using Services for direct marketing, the Clients are responsible for complying with all the legal requirements in connection with direct marketing and data subjects’ rights. BRANDS360 is only providing the platform for sending messages, but the Clients are solely responsible for the content of messages sent using the Services. The Clients understand that there are different legal rules for direct marketing in different countries. When the Services are used for direct marketing, the Clients must comply with all requirements for direct marketing of the country, where the receiver of the direct marketing message is residing. For instance, in EU countries the Clients are obliged to send with direct marketing a message with the information on how the Data Subject can waive from direct marketing and there are also certain requirements for the content of commercial messages.
BRANDS360 processes the personal data only on documented instructions from the Clients. The Clients insert these instructions by using Services (e.g. inserting command to send messages to its clients) and by agreeing with the Policy and Terms. The instructions of the Clients for processing of Personal Data must always comply with the applicable laws and BRANDS360 reserves to itself the right to refuse to fulfil the instructions that are in the opinion of BRANDS360 unlawful.
Taking into account the nature of the processing, BRANDS360 shall assist the Clients by appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of the Clients´ obligation to respond to requests for exercising of Data Subject’s rights laid down in GDPR, including the right of access to Personal Data by Data Subjects, right to rectification, right to be forgotten, right to restriction of processing etc. BRANDS360 shall accept instructions for fulfilment of the rights of Data Subjects only from the Clients. Should the Data Subjects approach BRANDS360 with the requests for fulfilment of their rights, BRANDS360 shall inform the Clients and act according to instructions from the Clients. Obligation to delete the data of Data Subjects shall always remain with the Clients and BRANDS360 shall not undertake deletion for and on behalf of the Clients, unless otherwise explicitly stipulated in the Policy or Terms.
BRANDS360 shall assist the Clients in ensuring compliance with the obligations of guarantying security of processing of Personal Data as established by GDPR while taking into account the nature of processing and the information available to BRANDS360. Inter alia BRANDS360 undertakes to:

  • apply appropriate technical and organizational measures aimed to insure security, confidentiality and integrity of data. More precisely the applicable security measures by BRANDS360 are described in section 6 below;
  • periodically monitor its internal processes and the technical and organizational measures to ensure that processing of Personal Data is in accordance with the applicable law. BRANDS360 shall also monitor the processing of Personal Data conducted by Third Parties as much as possible (see section 4 below);
  • notify the Clients in the most expedient time possible under the circumstances and without unreasonable delay and, where feasible, not later than 72 hours after having become aware of any accidental, unauthorized, or unlawful destruction, loss, alteration, or disclosure of, or access to, Personal Data (herein: Security Breach). In consultation with the Clients, BRANDS360 shall take appropriate measures to secure the data and limit any possible detrimental effect on the Data Subjects;
  • cooperate with the Clients and provide them with information and assistance, where reasonably possible, in connection with Security Breaches, including in communication with supervisory authorities and Data Subjects;
  • cooperate and assist the Clients in conducting processing impact assessments, if applicable.

BRANDS360 shall make available to the Clients all information necessary to demonstrate compliance with the obligations laid down in Article 28 of GDPR and allow for and contribute to audits, including inspections, conducted by the Clients or another auditor mandated by the Clients (all at the expense of the Clients). On-site audits and inspections must be agreed with BRANDS360 in advance, be conducted during normal working hours and not unreasonably disturb the everyday activity and business of BRANDS360. Right to audits and inspections does not extend to the facilities and premises of Third Parties.

TRANSFER OF PERSONAL DATA TO THIRD PARTIES

In the course of providing the Services and access to the Website and Software, BRANDS360 uses different third party service providers, to whom it may also transfer Personal Data (herein: Third Parties). By virtue of this clause the Clients are fully informed and expressly authorize, totally or partially, to use the corresponding Third Party service providers and provide Personal Data to them, as it may be required. These service providers include the following:

  • Server service providers;
  • Website, Software and Services development services, including software development, analytical data processing, PHP and JavaScript errors tracking;
  • Providers of safety measures, including fraud protection, protection and encryption of BRANDS360 traffic, email domain authority detection tool;
  • E-mail service providers;
  • SMS sending/receiving service providers;
  • Communication service providers;
  • Customer support service providers
  • Data processing service providers

BRANDS360 shall inform the Clients of any intended changes concerning the addition or replacement of Third Party processors and give the Clients the opportunity to object to such changes. BRANDS360 has the right to stop providing Services to the Clients, who object to the change concerning the addition or replacement of processors. BRANDS360 has entered into individual service provision contracts with some of the service providers. With others the relationships are based on the general terms of service of these service providers. Prior to entering into relationships with third party service providers BRANDS360 makes its best efforts to guarantee that the terms of processing of Personal Data of its partners are in accordance with the principles of this Policy and applicable laws. For this purpose BRANDS360 shall carefully review the terms of processing of Personal Data by its partners. Furthermore, BRANDS360 carefully screens the on-going relationships with Third Party service providers and in case of their non-compliance shall immediately terminate relationships with them. BRANDS360 may disclose/transfer Personal Data:

  • under applicable law, including laws outside the locations of BRANDS360, its affiliates or Data Subjects;
  • to comply with legal processes;
  • to respond to requests from the public and government authorities including public and government authorities outside the locations of BRANDS360 and its affiliates;
  • to enforce this Policy or Terms, to protect operations, the rights, privacy, safety or property of BRANDS360 and/or to pursue available remedies or limit the damages.
  • BRANDS360 makes its best efforts to limit the amount of Personal Data that it transfers for processing to Third Parties as it is necessary for the provision of specific services or to pursue specific goals.

The Website and Software may contain links that redirect to other websites. For example, when accessing services of a third party such as PayPal when making a payment. This Policy does not apply to such third party websites, which BRANDS360 does not operate, and BRANDS360 does not accept any responsibility or liability for these policies. BRANDS360 advises to review the privacy policies of those third parties.

TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES

In connection with some specific development works, troubleshooting of service issues, data storage or other necessary services, BRANDS360 may transfer Personal Data to BRANDS360´s con¬tractors, some of which may not be working or operating in the European Economic Area (i.e. 28 European Union countries + Iceland, Liechtenstein and Norway), herein: Third Countries).
Data protection levels in Third Countries might differ from the corresponding level of the European Economic Area, and some Third Countries might have a lower level of data protection. Therefore, in case of the transfer of Personal Data to the Third Countries, the risk of loss, misuse or becoming public of Personal Data may be higher in comparison to the European Economic Area. However, BRANDS360 has taken all reasonable measures to protect Personal Data in Third Countries. Our contractors, who process personal data in Third Countries, are contractually obliged to obey the same data protection level as in the European Union.
Given the above said, the Clients hereby explicitly confirm their awareness of the named possibility to transfer Personal Data to Third Countries and the possible risks of such transfers. The Clients hereby explicitly confirm that they have also obtained the explicit consent from all Data Subjects, inter alia their clients, who are recipients of the Services, and their own representatives, as required by legislation to transfer their Personal Data to Third Countries.
BRANDS360 shall apply appropriate safeguards when transferring Personal Data to the Third Countries.

SAFETY MEASURES FOR PROTECTION OF PERSONAL DATA

BRANDS360 takes the appropriate legal, organizational and technical measures to protect Personal Data consistent with applicable privacy and data security laws. Security measures shall be applied to protect Personal Data from involuntary or unauthorized processing, disclosure or destruction. BRANDS360 stores all Personal Data on secured servers. The security measures include:

  • Access to the servers is protected with individual accounts, usernames and passwords for each authorized person (employees/sub¬contractors);
  • BRANDS360 is keeping track and a log of all activities on the servers;
  • BRANDS360 can immediately close access to the servers to any authorized persons;
  • Access to the servers is restricted in terms of (a) persons, who have access to it, (b) information, to which authorized persons have access according to the essence of their working duties, © actions that authorized persons can perform with Personal Data stored on the servers;
  • BRANDS360 keeps reviewing, who of the authorized persons are actually required to have access to Personal Data and, if access is not required, will withdraw the right of access.

BRANDS360 shall ensure that all its employees, contractors, agents, suppliers and consultants, who have access to the Personal Data are fully aware of and abide by their legal duties and responsibilities.
Employees and other contractors of BRANDS360 are obliged by binding agreements not to disclose or make available for use to anyone other than BRANDS360 during their agreement with BRANDS360 and eternally after its termination any Personal Data that they may have access to during their agreements with BRANDS360. BRANDS360 has door locks in offices from where Personal Data can be accessed.

RETENTION PERIODS

BRANDS360 shall preserve the Personal Data as long as it is required for the use of the Website, Software and Services by the Clients.
The Clients confirm that they agree with the provided above retention and guarantee to inform and obtain necessary approvals from their clients and representatives for application of such retention periods.

YOUR RIGHTS IN RESPECT OF YOUR PERSONAL DATA

Pursuant to the applicable European and national regulations on the personal data protection, you can access or delete your personal data, as well as to exercise other rights in order to have control on how your personal data is collected, used and shared. Where permitted by applicable law or regulation, you have the right to: Access your personal data that we process about you and to learn the origin of the data, the purposes of processing and the period for which your personal data will be processed, who are the controllers and processors of your personal data and to whom your data may be disclosed;
Withdraw your consent at any time where your personal data is processed pursuant to your consent;
Update or correct your personal data so that it is always accurate;
Delete your personal data from our records if it is no longer needed for the purposes indicated above;
Restrict the processing of your personal data in certain circumstances;
Obtain your personal data in an electronic format; and
File a complaint with us and/or the relevant data protection authority.

You may exercise these rights by contacting us by the contact information specified below providing your name, email address and purpose of your request.
Where permitted by applicable law or regulation, you have the right to object to the processing of your personal data, or to tell us to stop processing your personal data (including for purposes of direct marketing). Once you have informed us of this request, we shall no longer process your personal data unless permitted by applicable laws and regulations.You may exercise this right in the same manner as for your other rights indicated above.

CONTACT INFORMATION

If you have any questions on how we use your personal data, if you wish to exercise a certain right or to resolve any complaint in respect to the processing of your personal data, you can contact us by sending an email to the following email address:
info@brands360.biz

Menu