Terms of Service

1 INTRODUCTION

1.1. The e-satisfaction platform provides tools and services to businesses for the collection, processing and management of their customers’ opinion and data, in order to export statistical conclusions related to the overall experience provided to their customers, facilitating the creation of trust and customer satisfaction between business and its customers (the “Services”).

1.2. The e-satisfaction platform is owned and operated by “E-satisfaction S.A. Services of Systems in Purchasing Experience Société Anonyme” (hereinafter referred as “e-satisfaction”), having its registered offices in Athens, 27 Paliggenesias street, with Tax Identification Number: 800602928, under the Tax Authority of Athens (FAE of Athens), tel. no.: 0030-2118003728, e-mail: info@e-satisfaction.com. The Services are provided by e-satisfaction.

1.3. The present Terms of Service, which include the Data Processing Agreement (as ANNEX 1), regulate the use of the e-satisfaction platform and the provision of the Services. By signing up for a User Account, the user is agreeing to the present Terms of Service, which include the Data Protection Agreement (ANNEX 1), which results in a binding legal agreement between the Registered User and e-satisfaction and constitute the entire agreement between the Registered User and e-satisfaction (the “Agreement”), and supersede all prior and contemporaneous agreements, proposals or representations, written or oral, concerning its subject matter.

2 USER ACCOUNT

2.1. ELIGIBILITY: In order to create a User Account, obtain access to the e-satisfaction platform and receive Services, a user must complete the registration process (sign up) and accept the present Terms of Service (the “Registered User”). User agrees not to use any false, inaccurate or misleading information when signing up.

2.2. B2B AGREEMENT: A Registered User can be either (a) an individual, at least eighteen (18) years old and able to enter into contracts, who acts in his/her commercial or professional capacity and obtains the Services for his/her own business or for a third party (e.g. a client of the said individual) or (b) a legal entity obtaining the Services for its own business or for a third party (e.g. a client of the said legal entity). Use of the e-satisfaction platform and use of the Services is exclusively for professional use. Both, e-satisfaction and the Registered User, acknowledge that this is intended to be, and actually is, a Business to Business (B2B) agreement.

2.3. If the user has signed up for the Service on behalf of a third party (e.g. client of the Registered User) or user’s employer, the user represents and warrants that the said user has the required legal capacity and authority to accept the Agreement, i.e. the Terms of Service and the Data Protection Agreement (included as ANNEX 1 to the Terms of Service), and enter into the Agreement on the third party’s or employer’s behalf and to assign to e-satisfaction the provision of the Services.

2.4. Upon submission of the registration form (application), e-satisfaction will send at the provided email address an e-mail to verify the user’s email. The user will need to confirm registration by clicking a unique URL included in the said email, which will direct the user to the e-satisfaction platform and complete registration. The submission of the registration form by the user is merely an application request; e-satisfaction reserves the right to reject any application at its sole discretion. The Agreement is deemed valid, effective and enforceable only when the user completes registration by way of clicking the provided unique URL. A User Account is created for each Registered User.

2.5. TERM: The term of the Agreement begins when the user completes registration, as described in clause 2.4 and continues until the Registered User or e-satisfaction terminates the Agreement in accordance with clause 9 of the Term of Service. Service terms are specified in Service Packages.

2.6. CHANGES: e-satisfaction may make non-material changes to these Terms of Service at any time without notice, but e-satisfaction will provide to Registered Users advance notice of any material changes to these Terms of Service by publishing revised Terms of Service and by notifying Registered Users of the new Terms of Service by sending an email to the Registered User’s registered email address or displaying prominent notice in the e-satisfaction platform. The changes to the Terms of Service will not apply retroactively and will become effective 30 days after provision of notice; however, changes made for legal compliance reasons will be effective immediately upon notice. Unless the Registered User terminates User Account within 15 days as of notification of the revised Terms of Service, the revised Terms of Service will be effective and apply to any continued or new use of the Services. e-satisfaction may, at any time, at its sole discretion and without prior notice, (a) change the e-satisfaction website, any of the Services, the e-satisfaction platform, or any features/ functionalities/ content/ interface/ configuration/ technical specifications of the Services and/or the e-satisfaction platform, and/or (b) discontinue the e-satisfaction website, any of the Services, the e-satisfaction platform and/or any features/ functionalities/ content/ interface/ configuration/ technical specifications of the Services and/or the e-satisfaction platform.

2.7. ADMINISTRATION: A Registered User may create and administer under the User Account one or more Applications (which is the core element of a Service, in which a Registered User can create questionnaires, generate reports and setup campaign functionalities) and Organizations (businesses to which an Application may relate with). The Registered User’s administration rights include, among others, the following:

(i) right to view and process data collected and/or stored in the User Account and to generate results and data;
(ii) right to add or remove further user(s) with access to certain Application(s) and/or Organizations (the “Further User”) and assign and manage Further User’s role and administration rights (refer to clause 2.8 for further details);
(iii) right to edit business settings and information (category, URL, logo etc.);
(iv) right to terminate the Agreement (per clause 9) and delete the User Account;
(v) right to order a Service;
(vi) right to process and manage Service Generated Data (as defined in clause 7).

2.8. GRANTING ACCESS TO FURTHER USERS: The Registered User may invite other users to have access to certain Application(s) and/or Organizations. The Registered User may assign and manage administration rights of a Further User in relation to an Application and/or an Organization. The Registered User represents and warrants that the Registered User has the required legal capacity, power and authority to invite and add and assign rights to a Further User and that Further User has the required legal capacity, power and authority to be added and function as a Further User. An invited user will need to sign up as a new “Registered User”, accept the Terms of Service and open a new “User Account”.

2.9. PASSWORDS: Registered Users are responsible for keeping their account name and password confidential. Registered Users are also responsible for the User Account that they have access to and any activity occurring in such User Account, whether they have authorized that activity or not. Registered Users must promptly notify e-satisfaction of any unauthorized access or use of the User Account at privacy@e-satisfaction.com. e-satisfaction shall not be responsible for any damages or losses due to stolen or hacked passwords that are caused by or result from Registered Users’ negligence.

3 SERVICES

3.1. Services are provided upon payment (the “Paid Services”) or on a trial basis for free (the “Trial Services”).

3.2. Registered User (and authorized Further User) may choose between available Service Packages, each of which offers a certain amount of Service Credits to be used for specific Services within a specific period of time (term). Paid Services can be ordered via the e-satisfaction platform by a Registered User or an authorized Further User and are provided upon pre-payment of a relevant fee.

3.3. Subject to the terms of the Agreement, e-satisfaction hereby grants Registered User a limited term, non-exclusive, non-transferable, non-assignable right to access and use the Services as contemplated by the Agreement.

3.4. The right to access and use the Services does not give Registered User any right to, and Registered User may not: (i) tamper, circumvent or bypass any technological protection measures in or relating to the software used to offer the Services; (ii) disassemble, decompile, decrypt, hack, emulate, exploit, or reverse engineer any software and/or other aspect of the Services; (iii) publish, copy, lease, sell, or distribute any software and/or Service; (iv) transfer or assign the right to access or use the Services.

3.5. After the end of the term of a purchased Service Package or expiration of purchased Service Credits, until the Registered User (or Further User, if applicable) purchases a new Service Package and before termination of the Agreement per clause 9, the Registered User (and Further User, if applicable) will have access only to User Account Data and previously generated Service Generated Data (as defined in clause 7).

4 PAYMENT

4.1. Paid Services must be paid in advance. The Registered User must provide a valid payment method and valid billing details and represents and warrants that the Registered User has the required legal capacity, power and authority to do so.

4.2. By providing e-satisfaction with a payment method, Registered User (i) represents that Registered User is authorized to use and provide the said payment method and that any provided payment information is true and accurate; and (ii) authorizes e-satisfaction to charge for the ordered Paid Services using the provided payment method.

4.3. e-satisfaction may bill, using the billing details provided, (a) in advance or (d) on a recurring/ subscription basis, depending on the ordered Paid Service. When Registered User purchases a Service on a subscription basis (e.g., monthly or annually), Registered User authorizes recurring pre-payments for the term of the Paid Service or until the subscription for the Paid Service is terminated by the Registered User or by e-satisfaction. Subscription fees are charged in advance of the applicable subscription period.

4.4. Paid fees for a specific Service Package are non-refundable and may not be transferred to or used for other Service Packages.

4.5. In case a Registered User wishes to upgrade to another Service Package before the end of the term of a purchased Service Package, the Registered User will need to pre-pay the difference between the two Service Packages; Service(s) and term of the new Service Package will begin as soon as pre-payment is confirmed per clause 4.6. Downgrade to another Service Package is not possible before the end of the term of a purchased Service Package.

4.6. PAYMENT METHODS: Acceptable payment methods are: (i) Credit/debit card: no credit/debit card information is processed by e-satisfaction; (ii) Deposit to the following bank account: Piraeus Bank Account No. 5048-073083-053 ΙΒΑΝ: GR09 0172 0480 0050 4807 3083 053 SWIFT – BIC: PIRBGRAA. Deposit slip must be email at accounting@e-satisfaction.com. Services will start being provided as soon as e-satisfaction receives and confirms the deposit; (iii) Standing order on a monthly basis. A standing order is governed by the terms and conditions of the payment service provider.

5 CODE OF CONDUCT

5.1. By agreeing to these Terms of Service, Registered User and Further User (as applicable) agree that, when using the Services:

(i) will not do anything illegal;
(ii) will not use the Service in order to send any type of spam communication;
(iii) will not use the Services to share and/or communicate any inappropriate or illegal content or material;
(iv) will not in any way upload, process, communicated and generally use any User Account Data or material that does not comply with applicable laws or regulations;
(v) will not engage in activity that is fraudulent, false or misleading or libelous or defamatory;
(vi) will not introduce any infringing, obscene, libelous, or otherwise unlawful data or material into the Service;
(vii) will not circumvent any restrictions on access to or availability of the Services;
(viii) will not engage in activity that is harmful to e-satisfaction, the Services or others (e.g., transmitting viruses, communicating hate speech, etc.);
(ix) will not infringe upon the rights of others (e.g. unauthorized use IP protected content);
(x) will not engage in activity that violates the privacy or data protection rights of others;
(xi) will not attempt to gain unauthorized access to the Services;
(xii) will not use the Services for any purpose or in any manner that is unlawful or prohibited by this Agreement;
(xiii) will not help others break the above rules.

6 DATA PROTECTION

6.1. The data protection terms of the Agreement are included in the Data Processing Agreement (ANNEX 1 of the Terms of Service) which, per clause 1.3, constitutes integral part of the Terms of Service and the Agreement.

6.2. The Registered User, i.e. the Controller, is solely responsible for assessing and applying the terms of lawful processing of the Personal Data (as defined in the Data Processing Agreement) and hereby assures that the processing which the Controller assigns to e-satisfaction, i.e. the Processor, via the Data Processing Agreement meets and fulfils any and all applicable legal requirements in accordance with Data Protection Provisions (as defined in the Data Processing Agreement), e.g., as and where necessary, the Controller has informed data subjects per GDPR Section 2, has obtained prior informed consent by the data subjects, etc.

7 PROPERTY RIGHTS

7.1. Obtaining and using the Services does not give Registered User (or Further User) or any other third party (e.g. client of a Registered User) ownership of any intellectual or industrial property rights in the Services. Registered User (or Further User) or any other third party (e.g. client of Registered User) is not granted any license to any software by the Agreement. The Services are protected by intellectual and industrial property laws and they belong to and are the property of e-satisfaction (or licensors of satisfaction, if any) and e-satisfaction retains all ownership rights to Services.

7.2. USER ACCOUNT DATA: Certain Services allow Registered User to upload, store, send and otherwise process certain information and content (e.g. store id, information about a transaction, customer segment etc.) (the “User Account Data”). e-satisfaction does not claim ownership of User Account Data. Registered User retains ownership of any intellectual property or other rights that Registered User holds in User Account Data and Registered User remains responsible for it. Registered User represents and warrants that Registered User either owns or has permission to provide, use and generally process User Account Data in the course and for the purposes of using the Services.

7.3. SERVICE GENERATED DATA: All data generated using the Services by a Registered User in compliance with the Agreement and applicable laws or regulations (e.g. reports, satisfaction scores, customer feedback) shall be owned by the said Registered User.

7.4. DERIVATIVE CONTENT: Registered User grants to e-satisfaction a worldwide, non-exclusive, sublicensable, transferable and royalty-free license and right to process User Account Data and Service Generated Data and create aggregated and/or redacted and/or statistical works (including derivative works) for e-satisfaction’s business purposes (the “Derivative Content”). Derivative Content will not include personal data provided by the Registered User and will not directly identify the Registered User.

7.5. For the purposes of and to the extent needed in order for e-satisfaction to (a) provide maintain and update the Services, (b) protect e-satisfaction and the Services and/or the e-satisfaction platform, (c) to prevent or address security, support or technical issues of the Services and/or the e-satisfaction platform and (c) improve and promote e-satisfaction products and services and to develop new ones, Registered User hereby grants to e-satisfaction a worldwide, non-exclusive, sublicensable, transferable and royalty-free license and right to access, use, process, copy, distribute, perform, export and display User Account Data and Service Generated Data, for example, to make copies of, reproduce, host, retain, transmit, reformat, publish, modify, create derivative works, communicate, publicly perform, publicly display and distribute via communication tools User Account Data and Service Generated Data.

7.6. If and as applicable, Registered User represents and warrants that Registered User has secured all rights in and to User Account Data and Service Generated Data from any third parties (e.g. clients of the Registered User) as may be necessary to grant the above, under 7.4 and 7.5, licenses and rights.

7.7. E-SATISFACTION DATA: Registered User (and Further User, as applicable) agrees that the Services, including but not limited to content (other than User Account Data and Service Generated Data), graphics, user interface, scripts and source code used to provide the Services and the e-satisfaction platform, contain proprietary information and material that is owned by e-satisfaction (or licensors of satisfaction, if any), and is protected by applicable intellectual and industrial property laws and other legislation (the “e-satisfaction Data”). Registered User (and Further User, as applicable) agrees not to modify, rent, loan, sell, or distribute the Services or e-satisfaction Data in any manner, and Registered User (and Further User, as applicable) shall not exploit the Services or e-satisfaction Data or create derivative works using the Services or e-satisfaction Data in any manner not expressly authorized.

7.8. DATA EXPORT: Registered User may export (Excel/ CSV) User Account Data and Service Generated Data. Following termination of the Agreement per clause 9, e-satisfaction will have no obligation to store or maintain or provide any User Account Data and Service Generated Data and may thereafter, unless legally prohibited, permanently delete all User Account Data and Service Generated Data.

8 HUMANIZED MARKETING CAMPAIGNS

8.1. Registered User (and Further User, as applicable) will not, and will not authorize any third party to, (i) use the Service in an illegal manner (e.g. communicate advertisements in breach of applicable data protection and direct marketing legislation); (ii) advertise product, service, content or material which contravenes applicable laws and regulations in any country in which advertisements are displayed or otherwise made available; and (iii) introduce any infringing, obscene, libelous, or otherwise unlawful data or material into the Service.

9 TERMINATION

9.1. The Registered User may terminate the Agreement at any time, without cause and request the closure of the User Account by sending a termination request at info@e-satisfaction.com. Termination will be valid immediately upon receipt of the e-mail by e-satisfaction. Per clause 4.4, in such case Registered User is entitled to no refund.

9.2. e-satisfaction may terminate the Agreement without cause and close a User Account, at any time, for any reason, by giving notice to the Registered User by email; such termination will be effective 3 days as of the provision of the termination notice.

9.3. If e-satisfaction terminates the Agreement without cause during the term of a Paid Service, only fair remedy available to Registered User is mutually agreed to be a refund of a prorated portion of remaining Service correspond to the amount of unused Service Credits. e-satisfaction will not refund or reimburse Registered User in any other situation, e.g. in case of termination for cause due to breach or violation of the Agreement by the Registered User or in case of termination without cause during the term of a Trial Service.

9.4. If Registered User (or Further User, as applicable) fails, or e-satisfaction suspects that has failed, to comply with any of the provisions of the Agreement, e-satisfaction may, without notice to Registered User and with immediate effect: (i) terminate the Agreement; and/or (ii) preclude Registered User’s (or Further User’s, as applicable) access to the Services.

9.5. BACKUPS AND EXPORT: Termination of the Agreement essentially, inter alia, means suspension of Services and access to User Account. E-satisfaction will delete or anonymize User Account Data and Service Generated Data (unless e-satisfaction is required by law to keep it, return it, or transfer it to Registered User or a third party identified by the Registered User) in accordance with the Data Processing Agreement (ANNEX 1). As a result, Registered User may no longer be able to access User Account Data and Service Generated Data; thus, it is recommended that Registered User regularly backups User Account Data and Service Generated Data. In case of termination per clause 9.2, Registered User will have 3 days as of the provision of the termination notice to export User Account Data and Service Generated Data.

10 WARRANTIES AND LIMITATION OF LIABILITY

10.1. Services are provided “as is” and “as available” using a commercially reasonable level of skill and care. Except as expressly stated in these Terms of Service, e-satisfaction does not provide warranties, conditions, or undertakings of any kind in relation to the Services, either express or implied; for instance, warranties of merchantability and fitness for a particular purpose are excluded from the Agreement. e-satisfaction does not guarantee or promise that through the provided Services a business will increase its clientele or its turnover and cannot guarantee that Services will meet Registered Users’ specific needs. The Registered User can use data and information generated using the Services at its own discretion. It is solely up to the Registered User to decide how such data and information can serve to the management, operation, marketing and the processes of a business. e-satisfaction does not participate in any decision-making process nor does it influence or take part to the strategy of a Registered User or any third party business.

10.2. To the maximum extent permitted by applicable law, in no event will e-satisfaction be liable for any direct and/or indirect damage (positive damage/ loss of profits) which arise from or is related to offering, use, inability to use, operation or failure of the Services and any content included therein. In case of any proven direct and/or indirect damage (positive damage/ loss of profits) suffered by a Registered User and/or a third party due to proven slight negligence of e-satisfaction (and/or of a third party appointed by e-satisfaction to provide a Service or part thereof, and/or of a partner of e-satisfaction), e-satisfaction’s maximum, aggregate liability is limited to direct/ positive damage suffered by the said Registered User and/or a third party in a total amount not to exceed the amount paid for a specific Service Package multiplied by two (2). All limitations of liability set out in the present Terms of Service are mutually agreed as fair and valid and have expressly been acknowledged and accepted by the Registered User (and the Further User, as applicable) as such.

10.3. The Registered User bears the burden of proof of any direct and/or indirect damage (positive damage/ loss of profits) suffered by the same or any third party other than e-satisfaction and/or a third party appointed by e-satisfaction to provide a Service or part thereof.

10.4. To the maximum extent permitted by applicable law, the Registered User assumes full responsibility for any direct and/or indirect damage that results from Registered User’s use of the e-satisfaction platform and the Services. The Registered User (and the Further User, as applicable) shall be held liable to e-satisfaction for any direct and/or indirect damage incurred by, and/or third party claims raised against, e-satisfaction, which are wholly or partially due or ascribed to (a) slight negligence on the part of the Registered User (and/or the Further User, as applicable), its employees or other assistants used in using the Services, or (b) unlawful and/or anti-contractual nature and/or use of any User Account Data and/or any Registered User content related with the use of the Services.

10.5. Force Majeure: e-satisfaction shall not be held liable for any delays or failure in performance of any part of the Services, from any cause beyond commercially reasonable control of e-satisfaction. This includes, but is not limited to, acts of god, terrorist acts, riots, fires, earthquakes, strikes, power blackouts, unusually severe weather conditions, acts of hackers, acts of or third-party internet service providers, any technical or other failure of the property (e.g. website) which the Services will be setup to be used on. In the event of force majeure, Registered User may not be able to retrieve User Account Data and Service Generated Data; thus, it is recommended that Registered User regularly backups User Account Data and Service Generated Data.

10.6. The Registered User (and Further User, as applicable) will compensate, defend and indemnify e-satisfaction and its directors, officers, employees, consultants, representatives and partners from against all liabilities, damages, losses, costs, fees (including inter alia legal fees) relating to any third-party allegation or legal proceeding to the extent arising out of or related to the Services or any breach of these Terms of Service. Consultants and partners are intended third-party beneficiaries of this clause.

10.7. The Registered User (and any third party related with the Registered User, e.g. a client of the Registered User) and e-satisfaction are independent parties and neither party exercise control over the conduct of the other party’s business under the Agreement. Neither party shall be responsible for any act of the other party in the conduct of such business. Nothing in the Agreement shall be deemed to create a relationship of principal and agent or employer and employee between the parties, and each party shall be solely responsible in all respects for the employment, control and conduct of any and all persons employed by it. Neither party nor any of its employees shall be or shall represent itself as authorized to bind the other Party in any manner whatsoever.

11 APPLICABLE LAW AND JURISDICTION

11.1. The Agreement is governed by and construed according to the laws of Greece. Parties agree that they are subject to the exclusive jurisdiction of the courts of Athens, Greece.

12 OTHER TERMS

12.1. ENTIRE AGREEMENT: The Agreement constitutes the entire agreement between Registered User (and Further User, as applicable) superseding any prior agreements with respect to the same subject matter.

12.2. SEVERABILITY: If any part of the Agreement is held invalid or unenforceable, that portion shall be construed in a manner consistent with applicable law to reflect, as nearly as possible, the original intentions of the parties, and the remaining portions shall remain in full force and effect.

12.3. NON-WAIVER: e-satisfaction’s failure to enforce any right or provisions in the Agreement will not constitute a waiver of such or any other provision.

12.4. ASSIGNMENT: Without prejudice to clauses 2.2 and 2.8, Registered User (and Further User, as applicable) may not assign any of its rights under the Agreement to anyone else. e-satisfaction may assign its rights under the Agreement to any other individual or entity at its sole discretion.

12.5. RIGHT TO DISCLOSE BUSINESS RELATIONSHIP: the Registered User hereby grants to e-satisfaction a worldwide, non-exclusive, sublicensable, transferable and royalty-free license and right to to disclose and advertise the e-satisfaction’s business relationship with and/or offering of Service(s) to the Registered User and/or the employer of the Registered User and/or a client of the Registered User, for instance using, displaying and publishing marks/ trademarks/ logos owned by the Registered User and/or the employer of the Registered User and/or a client of the Registered User on the e-satisfaction website and/or in media and social media communications. If and as applicable, Registered User represents and warrants that Registered User has secured all authorizations and rights needed from any third parties (e.g. clients of the Registered User) in order to grant the above license and right.

 ANNEX 1 – Data Processing Agreement

This Data Processing Agreement (hereinafter referred to as the “DPA”) is made in Athens on the day when the term of the Agreement begins per clause 2.5 of the Terms of Service:

BY AND BETWEEN
The Registered User, hereinafter referred to as the “Controller”,
AND
e-satisfaction, hereinafter referred to as “Processor”.

Recitals

The Controller has entrusted the Processor with the processing of personal data relating to the provision of the Services pursuant to the Terms of Service, as agreed between the parties, under which the Processor performs the tasks detailed in the APPENDIX to the DPA (the “Tasks”). The performance of the Tasks requires the Controller to share certain personal data of the type(s) set out in the APPENDIX to the DPA (the “Personal Data”) with the Processor and further requires the Processor to process such Personal Data. For the purposes of the DPA, the terms “personal data”, “data subject”, “process”/ “processing”, “controller” “processor” “personal data breach” and “supervisory authority” shall have the meanings given to them in Regulation (EU) 679/2016 (the “GDPR”). The parties acknowledge that for the purposes of the GDPR, the Controller is the controller and the Processor is the processor and agree that the Controller will remain responsible for the data processed. In order to protect the data subjects’ rights and to comply with the requirement of the applicable Data Protection Provisions, the parties agree as follows:

1 PROCESSING INSTRUCTIONS

1.1 The Controller has instructed the Processor to process the Personal Data on behalf of the Controller and in accordance with the Controller’s instructions as included in the DPA (including the APPENDIX).

1.2 The Controller shall provide the Processor with access to the Controller’s Personal Data as described in the APPENDIX to the DPA.

1.3 The Controller is solely responsible for assessing whether and how, under Data Protection Provisions, Personal Data can be processed lawfully and for safeguarding the rights of the data subjects.

1.4 The Controller has the right to issue instructions on the type, scope, and methods of data processing; all instructions shall be issued in writing (including by e-mail).

1.5 The Controller undertakes to comply with Data Protection Provisions.

2 RIGHTS AND OBLIGATIONS OF THE PARTIES

2.1 The Processor shall process the Personal Data in accordance with all applicable legislation and provisions on the protection personal data, including inter alia Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR), Greek legislation that supplements the GDPR and decisions and guidance issued from time to time by the Hellenic Data Protection Authority and the Article29 Working Party/ European Data Protection Board (the “Data Protection Provisions”).

2.2 The Processor shall process the Personal Data in accordance with the provisions of the DPA, and the documented instructions of the Controller, including with regard to transfers of personal data to a third country, unless required to do so by EU or Greek law to which the Processor is subject; in such a case, the Processor shall inform the Controller of that legal requirement before processing, unless that law prohibits such information on important grounds of public interest. The Processor shall immediately inform the Controller if, in its opinion, an instruction infringes the Data Protection Provisions.

2.3 SECURITY OF PROCESSING: The Processor shall take reasonably appropriate measures pursuant to GDPR Article 32 in order to ensure security of the Personal Data.

2.4 CONFIDENTIALITY: The Processor shall take reasonable steps to ensure that persons authorised to process the Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.

2.5 DELETION OR RETURN OF DATA: At the choice of the Controller, the Processor will delete or return all Personal Data to the Controller after the end of the provision of Services.

2.6 The Controller is solely responsible for assessing and applying the terms of lawful processing of the Personal Data and hereby assures that the processing which the Controller hereby assigns to the Processor meets and fulfils any and all applicable legal requirements in accordance with Data Protection Provisions, e.g., as and where necessary, the Controller has informed data subjects per GDPR Section 2, has obtained prior informed consent by the data subjects, etc.

3 DATA SUBJECTS EXERCISING THEIR RIGHTS

3.1 The Processor shall notify the Controller of any request received by a data subject regarding the processing of Personal Data, and shall provide commercially reasonable assistance, as requested by the Controller, insofar as this is possible, for the fulfilment of the Controller’s obligation to respond to requests for exercising the data subject’s rights.

4 AUDITS

4.1 The Processor shall make available to the Controller, upon relevant request, all information reasonably required to demonstrate compliance of the Controller with the obligations laid down in GDPR Article 28, and where the Controller, upon review of the information provided, still has reasonable doubts regarding the Processor’s compliance, on reasonable prior notice, the Processor shall, on a need to know basis, allow for and contribute to audit conducted by the Processor on the facilities and records of the Processor used to perform the Tasks, subject to the Processor’s right to withhold access to information containing confidential and/or proprietary information of the Processor and/or information of third parties, including e.g. other clients of the Processor.

4.2 The Controller shall bear all reasonable costs incurred by the Processor in the framework and for the need to the said audit.

5 USE OF SUBCONTRACTORS

5.1 The Processor is hereby generally authorised by the Controller to appoint subcontractors to perform and fulfil the Processor’s commitments and obligations under the DPA, i.e. to engage another processor (sub-processor, 2nd subcontracting level) and/or subordinate sub-processor (3rd subcontracting level). Subcontractors mentioned in the Security and Third-Party Providers Overview Document are deemed consented.

5.2 The Processor shall procure that all subcontractors will implement appropriate technical and organizational measures to protect the Personal Data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access. Having regard to the state of the art and cost of their implementation, the Processor agrees that such measures shall ensure a level of security appropriate to the risks represented by the processing and by the nature, scope, context and purposes of the processing.

5.3 The Processor shall inform the Controller of any intended changes concerning the addition or replacement of subcontractors, thereby giving the controller the opportunity to object to such changes.
Where the Processor engages another processor for carrying out specific processing activities on behalf of the Controller, the same data protection obligations as set out in the DPA shall be imposed on that other by way of a contract or other legal act under EU or Greek, in particular providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of the GDPR. Where that other processor fails to fulfil its data protection obligations, the Processor shall remain fully liable to the Controller for the performance of that other processor’s obligations.

6 PERSONAL DATA BREACH

6.1 The Processor shall promptly notify the Controller of any personal data breach affecting the Personal Data.

6.2 The Processor shall provide commercially reasonable assistance, as requested by the Controller, in case of a personal data breach affecting the Personal Data, taking into account the nature of processing and the information available to the Processor.

7 DATA PROTECTION IMPACT ASSESSMENT

7.1 The Processor shall provide commercially reasonable assistance, as requested by the Controller, in case of a privacy impact assessment regarding the processing of the Personal Data, which the Controller is required to perform under GDPR Article 35, taking into account the nature of processing and the information available to the Processor.

8 DATA TRANSFERS

8.1 The Processor may transfer or permit or cause the transfer of Personal Data to destinations and recipients outside the European Economic Area taking appropriate steps to adduce an adequate level of protection for the Personal Data transferred. Such steps may include, but are not limited to, entering into the controller to processor Standard Contractual Clauses adopted by the European Commission.

9 TERM

9.1 The DPA shall be valid for the duration of the Agreement (as defined in clause 2.5 of the Terms of Service).

10 LIABILITY

10.1 The Processor’s liability toward the Controller and the Controller’s liability toward the Processor with regard to culpable breaches of this DPA shall be based on the relevant Greek law provisions. Liability for slight negligence of either party if explicitly excluded.

11 APPLICABLE LAW AND JURISDICTION

11.1 The interpretation, validity and performance of the DPA shall be governed by and construed in accordance with Greek law, excluding the conflict of laws principles thereof; Greek law will also apply for tort liability. The Courts of Athens, Greece shall be exclusively competent to resolve any dispute or litigation to arise from or in connection to the DPA; same Courts shall also be exclusively competent in the case of procedures of injunction measures.

12 MISCELLANEOUS

12.1 Entire agreement. The DPA contains the whole agreement between the parties in relation to its subject matter and any and all previous understandings or agreements between the parties relating to such matters are terminated.

12.2 Severability. If any provision of the DPA is held unenforceable by a court or any competent authority or if a provision of the DPA becomes ineffective because of changes in applicable laws or in their interpretations, the validity of the other provisions of this DPA shall not be affected thereby. The parties shall then negotiate in good faith appropriate modifications to the DPA to reflect the changes required by law.

12.3 Amendments. The parties may modify the DPA from time to time by agreement in writing signed by both parties.

APPENDIX to DPA

1 CATEGORIES OF DATA SUBJECTS

The categories of the data subjects, the personal data of which are stored in the context of the Services are the following
– Individuals that have provided their personal data to the Controller
– Individuals using the Services (Registered Users)
– Personal data of data subjects provided by consumers in the context of referral mechanisms provided as part of the service
In the case that the Controller is using the Services in a way that affects additional data subject categories, the Controller shall inform the Processor accordingly in writing at privacy@e-satisfaction.com

2 TYPE(S) OF PERSONAL DATA

The types of personal data that are required to be processed to provide the Services are the following:
– Name/Surname,
– contact information (phone number, email address),
– Transaction/order id,
– Store,
– feedback content,
– device fingerprinting information (language of browser, type of device, browser version, OS version)
In the case that the Controller is using the Services in a way that involves processing of additional types of personal data, the Controller shall inform the Processor accordingly in writing at privacy@e-satisfaction.com

3 PURPOSE OF THE PROCESSING (TASKS)

Collection and processing of consumers’ opinion and data in order to export statistical conclusions related to the overall customer experience

4 DURATION OF THE PROCESSING

The Processor will process personal information for as long as this is necessary for the above mentioned purposes and always in accordance with any applicable statutory data retention periods.

5 INFORMATION ABOUT SUBPROCESSORS

The Security and Third-Party Providers Overview Document includes main information on Subprocessor(s), including name, address and type of processing. Upon the Controller’s request and as reasonably needed, the Processor shall provide further information on the use of ub-processor(s).

6 TECHNICAL AND ORGANIZATIONAL SECURITY MEASURES

e-satisfaction.com host servers in which processes and stores its databases are located within the EU/EEA. More info about the security of our servers can be provided to you in detail upon request on (privacy@e-satisfaction.com). e-satisfaction.com uses appropriate technical, physical, legal and organizational measures, which comply with data protection laws to keep all personal information secure and to protect same against unauthorized and unlawful access and processing or accidental loss, destruction, damage, theft, use or disclosure.

As most of the personal information we hold is stored electronically we have implemented appropriate IT security measures to ensure this personal information is kept secure.

e-satisfaction.com has deployed a sophisticated security architecture comprising the latest server, database, backup and firewall technologies to protect our information assets. All data resides in a tightly controlled, secure data center. That architecture ensures that information about the identity and preferences of our individual members is never accessible to unauthorized personnel. We will maintain safeguards to protect the security of these Servers and your personally identifiable information. We also train our staff regularly on data protection and information security.

We do not store, access or process our customer credit card information. We use third party payment and subscription billing services for those purposes. We only use services that are PCI compliant and that maintain the highest security measures to protect your information. If you need more info about our third party providers please send us an email at privacy@e-satisfaction.com

e-satisfaction.com accounts require that you log in with a username and password. Where we have given you or where you have chosen a password for access to the Services, you are responsible for keeping this password confidential and for securing your login credentials from unauthorized use by a third party. We request you not to share your password with anyone else. All account passwords are encrypted. We cannot see your password; we can only help you reset it.

All of our system-to-system communications as well as human to system communications for the purposes of customer support, analytics and email sending is done through secure, encrypted channels. Unfortunately, no data transmission over the Internet or electronic data storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any personal information you might have sent to us has been compromised), please immediately notify us at: privacy@e-satisfaction.com

Document Version: 20180910