Terms of Service
Updated 14 February 2023
These Terms of Service (the “Terms”) including its appendices listed below, order form and/or any other agreement constitutes the entire agreement (“Agreement”) between the Customer or You and Hina or a Hina affiliate as set out in the Agreement (”Hina” or “we,” “our” or “us”), regarding your use of our services specified in the Terms (the software, and services are collectively referred to as the “Service”). Please read these Terms carefully. You may authorize your employees or other individual authorized users (collectively, “Authorized Users”) to use the Service. You agree that you are fully responsible with respect to any use of the Service by an Authorized User, including any breach by an Authorized User of these Terms.
Annex 1: Data Processing Agreement
In the event of any conflicting terms in the Terms and its appendices, the Terms shall take precedence over the appendices, except in any matters relating to the processing of personal data, in which case Annex 1 (Data Processing Agreement) shall take precedence.
1. The Service
The Service is an analytics and reporting solution that helps customers collect their online data for reporting, analysis and active data management. The Service is provided only electronically through user interfaces on third party platforms, for example through an add-in or add-on functionality, and through interfaces hosted by Hina.
The Service is not intended for users that are consumers (being an individual acting primarily for purposes other than a trade, business or profession) and the applicability of consumer protection legislation is therefore excluded. You must be 18 years of age or older to enter into this agreement and use the Service. You represent and warrant that any information you submit is true and accurate and that you are 18 years of age or older and are fully able and competent to enter into, and abide by these Terms, and that you have the authority to bind the Customer entity listed on the Agreement, if applicable.
3. Account Registration
All Authorized Users must register to use the Service. You agree to, and cause all Authorized Users to: (a) provide accurate, current and complete information as may be prompted by registration forms on the Service (“Registration Data”); (b) maintain the security of, and not share with any third party, any logins, passwords, or other credentials that you or any Authorized User selects or that are provided to you or any Authorized User for use on the Service; (c) maintain and promptly update the Registration Data, and any other information you or any Authorized User provides to us, and to keep all such information accurate, current, and complete; and (d) notify us immediately of any unauthorized use of any Authorized User account or any other breach of security by emailing us at firstname.lastname@example.org. Any activity on an Authorized User’s account shall be the sole responsibility of the Customer.
4. Free Trial
We may at our sole discretion offer you free trials for selected features of the Service or a limited time trial period of the entire Service. Once your free trial period ends, your ability to access the Service will terminate. Hina reserves the right to determine if you are eligible for a free trial and to discontinue any free trial without notice at our sole discretion.
5. Access; Use Restrictions
Hina hereby grants you the right to access and use the Service, subject to your compliance with these Terms at all times, including timely payment of all applicable fees. Your right to access and use the Service is personal, limited to your internal business purposes, non-transferable, non-exclusive, and revocable. With the tools provided by Hina, you may create additional connectors to the Service (“Custom Connector(s)”), which you may use solely with the Service to support your permitted use of the Service. Notwithstanding the foregoing, if You are a marketing or other agency: (a) you may use the Service on behalf of your clients and any individual users from such clients shall be considered Authorized Users pursuant to these Terms and (b) you may share reports generated by the Service with your clients, provided that such reports may only be used by you for internal business purposes, and such clients agree to only use such reports for their internal business purposes, however, you may not use the Service to transfer data to your client’s data warehouse, data lake, or other data storage without a separate written agreement with Hina.
Your access and use of the Service are based on the Service client, data source, data destination and usage restrictions. Access and use may be restricted to one individual, company, your Hina team or specific data access/usage. There may be additional restrictions, which may change from time to time, and we will use reasonable efforts to provide you with advance notice of impending changes in a timely manner. Specific written agreements for access and usage restrictions will be indicated in the Agreement and they will override these Terms.
Without limiting the generality of the foregoing, you will not, will not attempt to, and will not permit or encourage any third party to:
reverse engineer, disassemble, decompile, decode, or otherwise attempt to derive or gain improper access to any software component of the Service, in whole or in part;
modify or create derivative works of the Service, in whole or in part (except for Custom Connectors);
use the Service in any manner or for any purpose that infringes, misappropriates, or otherwise violates any intellectual property right or other right of any third party including but not limited to accessing Custom Connector Services for which you have no rights or in violation of the terms of Custom Connector Services;
interfere with or disrupt the integrity of the Service or any content or data contained therein or transmitted thereby;
access, monitor, or copy any content or information on the Service using any robot, spider, scraper, or other automated means or any manual process for any purpose without our express written permission;
violate the restrictions in any robot exclusion headers on the Service or bypass or circumvent other measures employed to prevent or limit access to the Service;
take any action that imposes, or may impose, in our discretion, an unreasonable or disproportionately large load on our infrastructure;
deep-link to any portion of the Service for any purpose without our express written permission;
“frame”, “mirror,” sell, resell, rent, or lease any portion of the Service or otherwise incorporate any part of the Service into any other website without our prior written authorization;
input any virus, malware, or other harmful code into the Service;
use the Service or any Hina Confidential Information for benchmarking or competitive analysis with respect to competitive or related products or services or to develop, commercialize, license, or sell any product, service, or technology that could, directly or indirectly, compete with the Service; or
violate any applicable local, provincial national, or international law or regulation.
We may at any time suspend or terminate your or any Authorized User’s access to the Service if we have reason to believe that you are not complying with the Terms or you are otherwise abusing the Service.
6. Third-party services, data and content
6.1 The Service allows you to gather data from multiple third-party data sources and services, including various third-party websites (jointly “Third-Party Services”). The Third-Party Services from which the data can be gathered are selected by Hina at its sole discretion and Hina may, during the Term, change the Third-Party Services that are compatible with the Service. In addition, Hina may discontinue the compatible Third-Party Services if the applicable service providers of the Third-Party Services discontinue the relevant services or discontinue making such services available to Hina. If you create Custom Connectors to access third-party services of your choice (“Custom Connector Services”), you shall be solely liable for accessing such Custom Connector Services. Hina shall have a right to discontinue your use of Custom Connector Services, if you breach the terms of this Agreement.
6.2 Hina assumes no liability whatsoever for the data or other content collected from Third-Party Services, such as Facebook, Google Analytics and Google Ads or from Custom Connector Services. You are solely responsible for ascertaining that you have the right to use the Service for gathering and processing any such data by using the Service, and you must obtain any such consents and authorizations as may be needed from time to time in relation to such data or other content and their processing by using the Service. We do not assume any liability for such Third-Party Services, Custom Connector Services or software, and you are exclusively responsible for obtaining any necessary licenses or consents needed for their use. You must familiarize yourself with the applicable terms and conditions, including any restrictions on use, in relation to any such Third-Party Services and Custom Connector Services and you agree to comply with the third-party terms and conditions applicable to the Third-Party Services and Custom Connector Services in addition to the terms of the Agreement.
6.3 Furthermore, the Service may contain links to web pages and content of third parties as a service to those interested in this information. We do not monitor, endorse, or adopt, or have any control over any third-party web pages or content. We undertake no responsibility to update or review any such web pages or third-party content and can make no guarantee as to its accuracy or completeness. Additionally, if you follow a link or otherwise navigate away from the Service, please be aware that these Terms will no longer govern. You should review the applicable terms and policies, including privacy and data gathering practices, of any web page, third-party content or service provider to which you navigate from the Service. You access and use third-party content at your own risk.
6.4With respect to Google services, our tools will only have rights to access your Google Analytics/Ads/YouTube data (depending on which service you are logging in to), and nothing else on your Google account. You can revoke Hina’ right to access your data at any point from your Google account control panel (https://security.google.com/settings/security/permissions).
7. Modifications to the service
You acknowledge that Hina may make modifications to the Service during the Term without prior notice to you; however, Hina will use reasonable efforts to notify you of any material changes to the Service in advance. In the event of material changes to the Service, Hina may provide further instructions to you with respect to any actions required by you in order to continue access and use of the Service, if necessary.
8. Term and Termination
8.1 Your account and subscription of the Service remains in effect unless you terminate it or unless Hina terminates your account as provided by these Terms. Your account and subscription of the Service may, depending on your choice, be automatically renewable or valid for a fixed period. If your subscription is automatically renewable, your subscription to the Service will remain in effect and will be renewed automatically at the end of each subscription period unless you terminate your subscription or we terminate it.
If your subscription is made for a fixed period and/or not automatically renewable, your subscription will automatically terminate at the end of the agreed subscription period.
Upon the termination or expiration of the Agreement, you must immediately stop using the Service.
8.2 Hina may terminate this Agreement or terminate or suspend any Authorized User’s access or use of the Service in the following circumstances:
(a) If Customer’s or any Authorized User’s continued use of the Service or Custom Connector Service may, in Hina’ discretion, result in material harm to Hina, its subcontractors, affiliates, or another customer of the Service, Hina may reasonably block or restrict Customer’s access to the Service or Custom Connector Service;.
(b) if Customer or any Authorized User has (i) submitted information to the Service in violation of applicable law; (ii) accessed Custom Connector Services for which Customer or any Authorized User has no rights or in violation of the terms of such services or (iii) otherwise used the Service in breach of these Terms, including the restrictions set forth in Section 6 above;
(c) any fees due by Customer remain unpaid fifteen (15) days after the applicable due date as set forth in the Agreement; or
(d) if Customer commits a material breach of its obligations under the Agreement and does not remedy such breach within thirty (30) days of receiving notice of breach from Hina.
8.3 Either party may terminate the Agreement upon written notice to the other party if the other party enters into bankruptcy, becomes insolvent or makes an assignment for the benefit of creditors.
Any feedback, comments, suggestions, ideas, or other information provided by you in the form of email or other submissions to us (collectively “Feedback”), are non-confidential and you hereby grant to us and our subcontractors and affiliates a nonexclusive, royalty-free, perpetual, irrevocable, and fully sublicensable right to use your Feedback for any purpose without compensation or attribution to you.
10.1 The “Hina” name, the Hina logos, and any other product or service name or slogan contained on the Service are trademarks or registered trademarks of Hina and its suppliers or licensors, and may not be copied, imitated or used, in whole or in part, without the prior written permission of the applicable trademark owner. All other trademarks, registered trademarks, product names and company names or logos mentioned on the Service are the property of their respective owners. Reference to any products, services, processes or other information, by trade name, trademark, manufacturer, supplier or otherwise, does not constitute or imply endorsement, sponsorship, or recommendation thereof by us, or vice versa.
10.2 Hina may use your company name(s) and logo(s) for marketing purposes, including on the Hina website and in press releases, promotional and sales literature, customer/prospect presentations, and customers lists.
11. Ownership and intellectual property rights
11.1 As between you and Hina, Hina owns all right, title, and interest, including all intellectual property rights, in and to the Service, and any services available in connection with the Service. For the modifications you have made with Custom Connector, you shall have non-exclusive, royalty free, worldwide right to use any such modifications for the sole purpose of using the Service. Any intellectual property rights pertaining to the Custom Connector modifications shall belong to Hina. Except for those rights expressly granted in these Terms, no other rights are granted, either express or implied, to you and all other rights are hereby reserved.
12. Confidential information
If we share non-public information about the Service with you, you must keep it confidential and use reasonable security measures to prevent unauthorized disclosure of or access to that information.
13.1 Hina will process personal data as both 1) data controller; and 2) data processor on documented instructions from you as the data controller.
13.3 As a data processor, we process such personal data which you have provided to us (including collected or generated through the use of the Service) for the purpose of providing the Service. This processing of personal data is governed by a separate Data Processing Agreement entered into between you and us in connection with your signing up for the Service, which is attached hereto as Annex 1.
14. Customer Data
14.1 Customer, its subsidiaries, affiliates and customers retain all rights pertaining to all data, personal data or other information that Customer, or another party on Customer’s behalf, provides to Hina for the purpose of providing the Service (“Customer Data”). Where permitted by Data Privacy Laws, Hina may use Customer Data or other data derived from the operation of the Service: (i) to detect security incidents; (ii) to protect against fraudulent or illegal activity; (iii) to improve, enhance and support the Service; and (iv) to determine which other service offerings may be relevant to the Customer and inform the Customer of such offerings.
14.2 Notwithstanding the termination of this Agreement and provided that the Customer Data is in aggregated form, Hina may use the data for its business purposes including to create public statistics, for example, to enable Customers to benchmark their performance against industry level statistics. In no event does the aggregated data include any personally identifiable information or company level data.
15. Disclaimer of Warranties
YOUR USE OF THE SERVICE, INCLUDING, WITHOUT LIMITATION, YOUR USE OF ANY CONTENT ACCESSIBLE THROUGH THE SERVICE AND YOUR INTERACTIONS AND DEALINGS WITH ANY SERVICE USERS, IS AT YOUR SOLE RISK. HINA DOES NOT WARRANT UNINTERRUPTED USE OR OPERATION OF THE SERVICE OR YOUR ACCESS TO ANY CONTENT. NO ADVICE OR INFORMATION, WHETHER ORAL OR WRITTEN, OBTAINED BY YOU FROM THE SERVICE WILL CREATE ANY WARRANTY REGARDING HINA THAT IS NOT EXPRESSLY STATED IN THESE TERMS.
EXCEPT FOR ANY EXPRESS WARRANTIES INCLUDED HEREIN, WE DISCLAIM ALL WARRANTIES, TO THE MAXIMUM EXTENT PERMITTED BY LAW, EXPRESS OR IMPLIED, WITH RESPECT TO THE SERVICE, INCLUDING ANY WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, OR FITNESS FOR A PARTICULAR PURPOSE AND WE DO NOT WARRANT THE ACCURACY OF ANY DATA PROVIDED IN CONNECTION WITH THE SERVICE, OR THAT THE SERVICE IS FREE OF BUGS OR ERRORS.
16.1 Hina will defend, indemnify and hold harmless Customer from and against any costs, damages, expenses, and liabilities (including, but not limited to, reasonable attorneys’ fees) arising out of or in relation to third-party claims or actions arising out of or relating to infringement of a third party’s intellectual property rights due to Customer’s use of the Service, except to the extent such claims or actions arise out of or are related to (i) any modification or combination of the Service by Customer with any service not provided by Hina; (ii) any third-party programs, information, or data (including any Third-Party Services and Custom Connector Services); (iii) any access or use of the Services by Customer in violation of these Terms, including the restrictions set forth in Section 6; or (iv) any data, information, or content provided by Customer.
Hina’ indemnification obligation in this Section only applies under the condition that Customer has notified Hina in writing of a claim or action within a reasonable time.
In case such third party claim is made or is likely to be made, Hina is responsible, at its own cost, for obtaining any necessary rights for Customer to continue to use the Service under the terms of the Agreement or replace or modify the infringing part of the Service to be non-infringing without decreasing functionality. If Hina is unable to replace or modify the infringing part, then Hina may terminate this Agreement upon written notice to Customer, in which case Customer shall be entitled, as its sole remedy, to a pro-rata refund in the amount of the unused portion of any prepaid fees for the terminated Service calculated as of the effective date of termination. Hina liability, and your sole remedy, for infringement of intellectual property rights in the Service shall be limited to this Section 16.1.
16.2 Customer will defend, indemnify and hold harmless Hina from and against any costs, damages, expenses, and liabilities (including, but not limited to, reasonable attorneys’ fees) arising out of or in relation to third-party claims or actions arising out of or relating to:
(a) any breach by Customer or any Authorized User of the restrictions set forth in Section 6 above;
(b) any violation of applicable law by Customer;
(c) any data, information, or content inputted into the Service or otherwise provided by Customer, including any actual or alleged infringement of third-party intellectual property rights or rights to privacy arising out of any such data, information, or content, including Customer Data and Custom Connector Services;
(d) any of Customer’s products or services;
(e) any material breach by Customer of this Agreement; or
(f) any gross negligence, willful misconduct, or fraud by Customer.
17. Limitation of Liability
Neither party nor its suppliers or licensors will be liable for any indirect, incidental, special, consequential, or exemplary damages, including, without limitation, damages for loss of profits, goodwill, use, data, or other intangible losses (even if such party or any supplier or licensor has been advised of the possibility of these damages), arising out of this Agreement.
Hina’ maximum total liability towards the Customer and its Authorized Users for all claims under these Terms or otherwise in relation to the Service, whether in contract, tort, or otherwise, is limited to 100 EUR.
Any limitations of liability under this Section 19 shall not apply with respect breach of Section 14 (Confidential information) or in the event of gross negligence, willful misconduct, or fraud.
18. Governing law and dispute resolution
These Terms shall be governed and construed in accordance with the laws of Finland, without giving effect to principles of conflicts of law or to the Convention on Contracts for the International Sale of Goods. Any dispute, controversy or claim arising out of or relating to this contract, or the breach, termination or validity thereof, shall be finally settled by arbitration in accordance with the Arbitration Rules of the Finland Chamber of Commerce. The seat of arbitration shall be Helsinki, Finland. The number of arbitrators shall be one. The language of the arbitration shall be English.
19. Other terms
Neither party will be responsible for any failure or delay in the performance of its obligations under this Agreement (except for any payment obligations) due to causes beyond its reasonable control (a “Force Majeure Event”), which may include, without limitation, labor disputes, strikes, lockouts, shortages of or inability to obtain energy, raw materials or supplies, denial of service or other malicious attacks, telecommunications failure or degradation, pandemics, epidemics, public health emergencies, governmental orders and acts (including government-imposed travel restrictions and quarantines), material changes in law, war, terrorism, riot, or acts of God. A Force Majeure Event suffered by a subcontractor of a party shall also be considered a Force Majeure Event in relation to the party if the work to be performed under subcontracting cannot be done or acquired from another source without incurring unreasonable costs or significant loss of time. Our failure to act in a particular circumstance does not waive our ability to act with respect to that circumstance or similar circumstances.
Any provision of these Terms that is found to be invalid, unlawful, or unenforceable will be severed from these Terms, and the remaining provisions of these Terms will continue to be in full force and effect. The section headings and titles in these Terms are for convenience only and have no legal or contractual effect.
The Customer may not assign or transfer its rights or obligations under this Agreement, without the prior written consent of Hina. Hina may assign this Agreement to a successor entity in connection with a merger, consolidation, or sale of all or substantially all of its assets to which this Agreement relates.
Hina may change the content of this Agreement, subject to posting a notice of change in its web page.
Any notices under or in relation to the Agreement shall be sent in accordance with the notice provisions in the Agreement.
By using the Service, you consent to receiving electronic communications from us. These communications may include notices about your account and information concerning or related to the Servdice.
20. Early Access Service
Hina may offer Customer access to the Early Access program (“Early Access Service”). The Terms are applicable to the Early Access Service and will control for any provision not addressed in this Section. Customer acknowledges and agrees that: (a) the Early Access Service has not been commercially released for use and sale by Hina; (b) the Early Access Service may not operate properly, be in final form or fully functional; (c) the Early Access Service may contain bugs, errors, and other problems; (d) the information obtained using the Early Access Service may not be accurate and may not accurately correspond to information extracted from any source; (e) Hina is under no obligation to release a commercial version of the Early Access Service; and (f) any granted service levels or service credits are not applicable to the Early Access Service.
Hina may at any time, in its sole discretion, discontinue or suspend the development of the Early Access Service without any obligation or liability to Customer. Customer acknowledges and agrees that the Early Access Service is made available on an “as is” basis. Customer assumes all risks and all costs associated with the use of the Early Access Service. As part of the Early Access Service you will be asked to provide Feedback regarding the use of the Early Access Service. Any such Feedback shall be subject to Section 11.
21. Third-Party AI Features
Depending on Your subscription, we may provide to You features of our Services that utilize third-party artificial intelligence technology (“Third-Party AI Features”). In addition to these Terms, delivery and Your use of the Third-Party AI Features and Plugins (as defined in the AI Terms) are governed by our supplementary AI Feature terms (“AI Terms”) that forms an inseparable part of the Agreement between You and us. To the extent the Third-Party AI Features are not part of Your subscription to our Services, the AI Terms are not part of the Agreement and do not apply to You.
ANNEX 1 Data Processing Agreement
1. Nature and purpose of the processing
This Data Processing Agreement (“DPA”) is an annex to and forms an inseparable part of the Agreement between the Customer or you and Hina, regarding your use of our Services.
The agreed Service delivery may include processing of personal data by Hina and its subcontractors, on behalf of the Customer, within the scope described in the Agreement. The purpose of this DPA is to set the terms and conditions governing such processing by Hina on behalf of the Customer in compliance with the requirements set by the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and other applicable data protection legislation, including the California Consumer Privacy Act of 2018 (“CCPA”) (collectively, “Data Privacy Laws”).
Hina may process personal data only on behalf of the Customer solely to the extent necessary for the provision of the Services set forth in the Agreement, and may not otherwise process or use personal data for purposes other than those set forth in this DPA or as reasonably instructed by the Customer in writing where such instructions are consistent with the terms of the Agreement. Hina may not sell the Customer’s personal data, as the term “sale” is defined under the CCPA. This DPA shall take precedence over conflicting provisions relating to processing of personal data in the Agreement, unless otherwise expressly stated in this DPA.
The parties acknowledge and agree that the Customer enters into this DPA on behalf of itself and on behalf of its affiliates which utilize the Services as defined in the Agreement (“Affiliates”), thereby establishing a separate DPA between Hina and each of the Customer Affiliates subject to the terms of this DPA. The Customer and Affiliates are jointly referred to as the “Customer”. Hina enters into this DPA on its own behalf and on behalf of those of Hina’ group companies that are involved in the processing of personal data under this DPA and the Agreement.
All references to “personal data”, “processing”, “data subject” and other terms defined in Data Privacy Laws and not expressly defined herein shall have the same meaning in this DPA as in Article 4 of the GDPR. When CCPA applies, these above mentioned terms shall have the same meaning as defined in the CCPA; “controller” shall mean “Business” and “processor or “data processor” shall mean “Service Provider”.
In the event that under the Agreement it is agreed that Hina’ cloud based service shall be delivered by a third-party provider (Amazon Web Services, Microsoft, Google or other) the parties acknowledge that any personal data processed within the cloud service shall be exclusively governed by the terms and conditions for the cloud service as stipulated and amended from time to time by the cloud service provider.
2. Term and termination of this DPA
This DPA shall become effective upon the Customer entering into the Agreement and shall remain in force during the validity of the Agreement and thereafter for as long as necessary for the finalization of the agreed processing of personal data.
3. Processing of your personal data
For the sake of clarity, it is noted that in relation to the personal data processed under this DPA, Hina acts as a data processor or second data processor (a so called sub-processor), and the Customer acts as a data controller or first data processor (to the extent Hina process personal data for which a customer of the Customer is considered controller).
The types of personal data and categories of data subjects may include the following depending on the service(s)
Categories of data subjects
The personal data will concern the following categories of data subjects:Customers or users (including prospective customer’s or user’s) of the Customer or Customer’s customers.
Types of personal data
Online identifiers, such as cookie identifiers, internet protocol addresses and device identifiers; precise location data; client identifiers;Contact details, such as names, email addresses, phone numbers and addresses;Data relating to individuals provided to Hina via the Services by (or at the direction of) the Customer, including to create and collaborate on reports, graphs and charts;Event data and CRM data relating to individuals provided to Hina via the Services by (or at the direction of) the Customer, such as data about data subjects and the actions they take on or in relation to specific websites, apps, services or applications.Financial and transactional details such as accounting, sales, orders, invoices, payments and items purchased.Other personal data submitted to the Services by (or at the direction of) the Customer within the scope of the Agreement.
This DPA with the Agreement constitutes the instructions in accordance with which any such data is processed as per the date of entering into this DPA.
Hina shall not process the personal data provided to Hina via the Services by (or at the direction of) the Customer for any other purpose or otherwise deviate from the Customer’s instructions relating to the processing of personal data in any way, unless required to do so by the laws of the European Union or its member states to which Hina is subject, in which case Hina shall inform the Customer of that legal requirement before carrying out such processing (unless that law prohibits Hina from doing so).
In the event that Hina believes an instruction from the Customer is in breach of applicable data protection legislation or otherwise lacks instructions which, in Hina assessment, are necessary to perform the processing of personal data in accordance with this DPA or applicable data protection legislation, Hina shall promptly inform the Customer thereof and await further necessary instructions.
4. Responsibilities of the Customer
The Customer is the owner of its personal data and is responsible for the accuracy, legality, integrity and content reliability of such personal data. Customer shall, in its use of the Services, process personal data in accordance with the requirements of applicable data protection legislation and Customer will ensure that its instructions for the processing of personal data shall comply with applicable data protection legislation. Customer is solely liable for its compliance with Data Privacy Laws in its use of the Services. Customer must provide a written notification to Hina without undue delay if it believes this DPA and Customer’s written instructions do not fulfil requirements of applicable Data Privacy Laws.
5. Assistance to the Customer
5.1 Hina will assist the Customer in ensuring compliance with their obligations under Article 32 (security of processing), Article 33 (notification of personal data breaches to supervisory authorities), Article 34 (communication of personal data breach to data subjects), Article 35 (data protection impact assessments) and Article 36 (prior consultation), taking into account the nature of processing and the information available to the Hina. Any assistance by Hina outside the scope of the services agreed under the Agreement shall be charged by Hina at the then current rate applied by Hina.
5.2 Hina shall, taking into account the nature of the processing, assist the Customer by appropriate technical or organisational measures, in the fulfilment of the Customer’s obligations to respond to data subject requests relating to their exercise of their rights under Data Privacy Laws. In this respect, Hina shall provide assistance only upon request by the Customer. Any request directed to Hina by a data subject shall be referred by Hina to the Customer without undue delay. Any assistance by processor outside the scope of the Services agreed under the Agreement shall be charged by Hina at the then current rate applied by Hina.
5.3 Hina shall notify the Customer about any personal data breaches concerning the Customer’s personal data without undue delay after having become aware of such personal data breach. To the extent possible, the notification shall include the following information:
description of the nature of the personal data breach including where possible the categories and approximate number of data subjects and personal data records concerned;
the name and contact details of Hina data protection officer or other contacts where further information can be obtained;
description of the likely consequences of the personal data breach; and
description of the measures taken or proposed to be taken to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects.
5.4 Where it is not possible for Hina to provide the information as indicated in Section 5.3 at the same time as the notification of the personal data breach, the information may be provided in phases without undue delay.
6. Confidentiality and security
6.1 Hina shall ensure that all persons authorized to process the personal data of the Customer are bound by an obligation of confidentiality with respect to such personal data, and only processes such personal data on instructions from the Customer, unless required to do so under applicable EU or EU member state law.
6.2 Hina shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk of processing, taking into account the state of the art, the costs of implementation, and the nature, scope, context and purposes of processing. This shall include, inter alia as appropriate, measures to:
implement and maintain technical and organisational measures for safeguarding the confidentiality, integrity, availability and resilience of systems and services processing personal data;
restore the availability and access to personal data in a timely manner in the event of an incident;
regularly test, assess and evaluate the effectiveness of technical and organisational measures for ensuring the security of the processing; and
pseudonymize and/or encrypt personal data.
6.3 On request, Hina shall cooperate with the supervisory authority in the performance of its tasks and shall comply with decisions by the supervisory authority on security measures required to comply with the GDPR. If and to the extent the Customer or the supervisory authority instructs Hina to perform any measure, activity or action outside the scope of the Services agreed to under the Agreement, then such instruction shall be considered a request for additional services pursuant to the Agreement and additional fees may apply.
7. Sub-processors and transfers to third countries
7.1 The Customer acknowledges that Hina needs to engage other processors for carrying out specific processing activities, and that Hina wishes to deliver standard services to its customers in a consistent, secure and efficient manner. Accordingly, the DPA shall constitute a general authorization by the Customer for Hina’ use of sub-processors. Hina shall ensure that sub-processors are bound by a written agreement that require them to provide at least the level of data protection required by Hina under this DPA. Hina shall inform the Customer of changes concerning its sub-processors, including the identity and location of new or replaced sub-processors. A list of sub-processors (including their name, country, processing activities and country/area where processing activities are carried out) is available at Hina web page or other location as designated by Hina from time to time. Hina will notify the Customers by adding the name and above mentioned details of new and replacement sub-processors to the list prior to them starting sub-processing of personal data.
7.2 Where a sub-processor fails to fulfil its data protection obligation, Hina shall remain fully liable to the Customer for the performance of that sub-processor’s obligations.
7.3 If the Customer has a reasonable objection to any new or replacement sub-processor, it shall notify Hina of such objection in writing within ten (10) days of the notification. In case the Customer objects to the use of a specific sub-processor, the parties shall enter into good faith negotiations on how to resolve the issue. In case the negotiations do not solve the issue and the Customer opposes Hina’ use of a specific sub-processor either party shall, for a justified reason and as a final remedy, be entitled to terminate the relevant Agreement on thirty days’ written notice.
7.4 Hina and its sub-processors may transfer or process personal data outside the EU/EEA area.
7.5 When transfer of personal data by Hina to a sub-processor outside the EU/EEA, is permitted as stated above, in case of any transfer Hina shall ensure that transfer is only made to (a) a country deemed by the Commission to have an adequate level of protection, (b) entities having entered into the EU Commission standard contractual clauses approved by the European Union concerning the transfer of personal data to outside the EU/EEA or provided other appropriate safeguards as described in Article 46 of the GDPR.
7.6 Subject to the above and subject to Hina keeping the Customer informed of any transfer of personal data outside the EU/EEA, the Customer gives its consent to the transfers and authorizes Hina to conclude processor to processor standard contractual clauses based on the European Commission Decision 2021/915 of 4 June 2021 to transfer Personal Data to processors located outside the EU/EEA.
8. Retention of your data
Hina has no obligation to store and Hina will not store any of Customer’s data after the termination of your account and/or subscription of the Service. Hina will, at Customer’s election, promptly delete or return all personal data related to Customer’s account after the end of the provision of the Services relating to processing and delete existing copies unless applicable legislation requires storage of the personal data.
9.1 Hina shall upon the Customer’s request make available to the Customer all information necessary to demonstrate compliance with the obligations laid down in this DPA and the GDPR.
9.2 The Customer or an auditor authorized by the Customer (however, not a competitor of the Hina) is entitled to audit the activities pursuant to the DPA. The Parties shall agree on the time of the auditing and other details ahead of time and at latest 30 days before the inspection. The auditing shall be carried out in a way that does not impede the obligations of Hina or its subcontractors in regard to third parties. The representatives of the Customer and the auditor must sign conventional non-disclosure commitments. The Customer shall be responsible for its own and Hina’ expenses caused by the auditing. If notable defects are perceived during auditing, Hina shall be liable for the costs incurred from remediating said defects.
9.3 . Provided that the parties have an applicable Non-Disclosure Agreement in place, Hina reserves the right to provide the Customer with a copy of a third-party certification or report in lieu of an onsite audit as described in 9.2 above. In the event the customer does not find all reasonably needed info from the report, then 9.2. will apply.
Hina shall compensate the Customer for damages incurred by the Customer as a result of fault or negligence by Hina, or by a sub-contractor to Hina, in the processing of personal data in breach of the Agreement or this DPA, including for claims by data subjects or a supervisory authority against the Customer caused directly by Hina’ breach of this DPA.
To clarify, the limitations of liability set forth in Section 19 of the Agreement shall apply.