ESAB Helmet Connect Terms of Service
INTRODUCTION
This Agreement (comprising the Order Form, these Terms of Service, the
End-User Software License Agreement, and the DPA) sets out the terms and
conditions upon which you may use the Helmet Connect Service (as defined
below) and any application or functionality that ESAB makes available
through the Helmet Connect Service.
By signing an Order Form, you agree to and accept these Terms of
Service and the Order Form.
1. INFORMATION ABOUT ESAB
The Helmet Connect Services are provided by ESAB India Limited, a company organized under the laws of India, and/or its affiliates and subsidiaries (collectively, "ESAB").
2. INTERPRETATION
2.1 In these Terms of Service, save where the context requires otherwise, the following words and expressions have the following meaning:
"Agreement" means the agreement between the Client and ESAB, comprising these Terms of Service, the End-User Software License Agreement, and the DPA, for the provision of the Helmet Connect Service;
"App Store" means the Apple App Store or the Google Play Store, each a digital distribution platform for mobile applications;
"Authorized User" means a person who is authorized by the Client to access the Helmet Connect Service on behalf of the Client;
"Business Day" means a day other than a Saturday, Sunday or public holiday in Sweden when banks in Gothenburg are open for business;
"Client" or "you" means the person that downloads the Helmet Connect App from the App Store;
"Client Data" means any content and data that the Client or any Authorized Users make available to ESAB and/or that is hosted by ESAB in connection with the provision of the Helmet Connect Service;
"Commencement Date" means the date that you digitally accept the terms of this Agreement upon your first login to the Helmet Connect App;
"DPA" has the meaning given to it in clause 9.1;
"Helmet Connect App" means each of the mobile applications operated by ESAB that enable the Client to configure its access to and use of the relevant Helmet Connect Service, and forms part of the Helmet Connect Service;
"Helmet Connect Service" means the relevant service(s) operated by ESAB and to be provided to the Client, including the relevant Helmet Connect App(s);
"Term" means a perpetual period beginning on the Commencement Date;
"Terms of Service" means these terms and conditions of service, including any appendices to it, as amended from time to time;
"Third Party Sites" has the meaning given in clause 7.3;
"User Account" means an account set up by the Client with an ID and password that an Authorized User uses to access the Helmet Connect Service;
"VAT" means value added tax (and any equivalent tax payable in any jurisdiction);
"Virus" means any thing or device (including any software, code, file or program) which may: prevent, impair or otherwise adversely affect the operation of any computer software, hardware, or network, any telecommunications service, equipment or network or any other service or device; prevent, impair or otherwise adversely affect access to or the operation of any program or data, including the reliability of any program or data (whether by re- arranging, altering or erasing the program or data in whole or part or otherwise); or adversely affect the user experience, including works, Trojan horses, viruses and other similar things or devices;
3. INTENTIONALLY OMITTED
4. DURATION
4.1 The Agreement shall commence on the Commencement Date and, subject to earlier termination in accordance with clause 13, shall continue perpetually.
5. INTENTIONALLY OMITTED
6. ACCESS TO THE ESAB SERVICE
6.1 Subject to the terms of the End-User Software License Agreement attached to these Terms of Service as Addendum A (the “End-User Software License Agreement”) ESAB grants the Client a non-exclusive, non-transferable perpetual license beginning on the Commencement Date to:
(a) access, use, and permit Authorized Users to access and use the Helmet Connect Service; and
(b) permit Authorized Users to download the applicable Helmet Connect App(s) (including any updates made by ESAB to the App(s)) from an App Store onto their mobile devices,
for the sole purpose of accessing and using the Helmet Connect Service for the Client's business purposes, during the Term and in accordance with the Agreement.
6.2 The Client may not sublicense the rights granted in clause 6.1 other than to allow Authorized Users to access and use the Helmet Connect Service.
6.3 The Client may grant Authorized Users access to the Helmet Connect Service provided that the Client:
(a) does not make or give any representations, warranties or other promises concerning the Helmet Connect Service unless agreed by ESAB in writing from time to time;
(b) ensures that all Authorized Users are aware of the terms of the Agreement and act in compliance with them;
(c) ensures that the terms on which the Authorized User is granted access to the Helmet Connect Service protect ESAB and its proprietary rights in the Helmet Connect Service to the same extent as set out in the Agreement including, in particular, clause 8 (and the Client will take reasonable steps to enforce such terms at ESAB's request); and
(d) ensures that ESAB is not liable to the Authorized Users in any way.
6.4 The Client must treat any username and password used to access the Helmet Connect Service or a User Account as Confidential Information, and must not disclose such information to any third party (other than to Authorized Users) and must take appropriate safeguards in accordance with good industry practice to prevent unauthorized access to the Helmet Connect Service.
6.5 The Client shall procure that each Authorized User keeps
secure and confidential any username and password provided to, or
created by, that Authorized User for their use of the Helmet Connect
Service, and that they will not disclose such username and password to
any third party, including any other Authorized Users or persons within
the Client's organization, company or business.
6.6 The Client is responsible for maintaining the confidentiality of
its login details for its Client Account and for any activities that
occur under its Client Account, including the activities of Authorized
Users.
6.7 ESAB encourages the Client to use, and to encourage Authorized Users to use "strong" passwords (using a combination of upper and lower case letters, numbers and symbols) with its User Accounts.
6.8 The Client must prevent any unauthorized access to, or use of, the Helmet Connect Service, and must promptly notify ESAB in the event of any such unauthorized access or use. If the Client has any concerns about the login details for any User Account, or thinks any of them may have been misused, the Client shall notify ESAB at support@esab.co.in. The Client must immediately notify ESAB if the Client becomes aware that the login details of any Authorized User are lost, stolen, or otherwise compromised.
6.9 The Client is responsible for making all arrangements necessary for Authorized Users to gain access to the Helmet Connect Service including setting up all User Accounts using the appropriate features and functionalities of the Helmet Connect Service.
6.10 The Client shall indemnify and defend ESAB, and its agents and contractors from and against any and all losses, damages, claims, liabilities or expenses (including reasonable lawyer's fees) arising out of a claim brought by an Authorized User or any other third party relating to the Client's use of the Helmet Connect Service (except to the extent caused by ESAB’s negligence).
7. CLIENT'S OBLIGATIONS
7.1 The Client:
(a) must comply with all applicable laws and regulations with respect to its use of the Helmet Connect Service and its activities under the Agreement;
(b) must use the Helmet Connect Service in accordance with the terms of the Agreement and shall be responsible for any acts and omissions in connection with the use of the Helmet Connect Service by its Authorized Users;
(c) must end any Authorized User's right to access and use the Helmet Connect Service, if the Authorized User ceases its employment or other relationship with the Client;
(d) must notify ESAB in writing if there are any changes to any of the Client's contact details as set out in the Order Form;
(e) must ensure that its network and systems, including its
internet browser and operating systems, comply with any relevant
specifications provided by ESAB in writing (including e-mail) from time
to time;
(f) is solely responsible for procuring and maintaining its network
connections and telecommunications links from its systems in order to
access and use the Helmet Connect Service; and
(g) must not do, or allow any Authorized Users or other persons to do, any of the following:
(i) access, store, distribute, or transmit any Virus through the Helmet Connect Service;
(ii) use the Helmet Connect Service to access, store, distribute, or transmit any material that is unlawful, harmful, threatening, defamatory, inflammatory, violent, obscene, infringing, harassing, or racially or ethnically offensive;
(iii) use the Helmet Connect Service in a manner that is illegal or causes damage or injury to any person or property;
(iv) use any automated system, including without limitation "robots", "spiders", or "offline readers", to access the Helmet Connect Service in a manner that sends more request messages to the Helmet Connect Service than a human can reasonably produce in the same period of time by using a conventional online web browser (other than as permitted by the functionality of the Helmet Connect Service);
(v) attempt to interfere with or compromise the integrity or security of the Helmet Connect Service,
and ESAB reserves the right, without liability or prejudice to its other rights under the Agreement, to immediately disable all or any User Accounts or access to all or any part of the Helmet Connect Service by any Authorized User, for any breach of any provision of this clause 7.1(g).
7.2 ESAB may monitor the Client's and Authorized Users' use of the Helmet Connect Service to ensure the quality of, and improve, the Helmet Connect Service, and verify the Client's compliance with the Agreement.
7.3 The Helmet Connect Service may contain links to, or call the servers of, third party websites, data or services that are not under ESAB’s control, solely at the direction of and/or as a convenience to the Client (including any App Store from which the Client or any Authorized User downloads an Helmet Connect App) ("Third Party Sites"). As such, ESAB is not responsible for, and makes no express or implied warranties with regard to, the information, content or other material, products, or services that are contained on or are accessible through, or the policies regarding use and privacy in respect of, Third Party Sites. Access to and use of Third Party Sites, including information, content, material, products, and services on such websites or available through such websites, is solely at the Client's risk.
7.4 The export or re-export of the Helmet Connect Service or its content may be subject to restrictions under applicable export, re-export, economic sanctions, import, and anti-terrorism laws and other laws governing trade. The Client represents and warrants that it will comply fully with such laws and shall not export, re-export, directly or indirectly, the Helmet Connect Service, in whole or in part, whether in tangible or electronic form, including without limitation via access through some telecommunications method (such as through the Internet or via a dedicated dial-up line), to any destination or end user to which such export or re-export is restricted or prohibited by such laws.
7.5 This clause 7.5 applies where a Helmet Connect App has been acquired from the Apple App Store. The Client:
(a) acknowledges and agrees that the Agreement is solely between the Client and ESAB, and not with Apple, Inc. ("Apple"), and that Apple has no responsibility for any Helmet Connect App or for any content thereof. The Client's, and any Authorized User's, use of any Helmet Connect App must comply with the App Store terms of service;
(b) acknowledges and agrees that the license to download and use any Helmet Connect App granted to the Client is a non-transferable license to use the Helmet Connect App on any Apple-branded products that the Client or any Authorized User owns or controls and as permitted by the Usage Rules set forth in the App Store Terms of Service;
(c) acknowledges and agrees that Apple has no obligation whatsoever to furnish any maintenance and support services with respect to the Helmet Connect Apps. In the event of any failure of any Helmet Connect App to conform to any applicable warranty, the Client may notify Apple, and Apple will refund the purchase price of the Helmet Connect App (if any) to the Client; to the maximum extent permitted by applicable law, Apple will have no other warranty obligation whatsoever with respect to the Helmet Connect Apps and any other claims, losses, liabilities, damages, costs or expenses attributable to any failure to conform to any warranty will be solely governed by the Agreement and any law applicable to ESAB as the provider of the Helmet Connect Apps;
(d) acknowledges and agrees that Apple is not responsible for addressing any claims of the Client or any third party relating to any Helmet Connect App or to the Client's possession and/or use of any Helmet Connect App, including: (i) product liability claims; (ii) any claim that any Helmet Connect App fails to conform to any applicable legal or regulatory requirements; and (iii) claims arising under consumer protection or similar legislation; and all such claims are governed solely by the Agreement and any law applicable to ESAB as the provider of the software;
(e) acknowledges and agrees that in the event of any third party claim that any Helmet Connect App, or the Client's possession and use of any Helmet Connect App, infringes that third party's intellectual property rights, ESAB, and not Apple, will be solely responsible for the investigation, defense, settlement, and discharge of any such intellectual property infringement claim to the extent required by the Agreement;
(f) represents and warrants that (i) the Client is not located in
a country that is subject to U.S. Government embargo, or that has been
designated by the U.S. Government as a "terrorist supporting" country;
and (ii) the Client is not listed on any U.S. Government list of
prohibited or restricted parties; and
(g) acknowledges and agrees with ESAB that Apple, and Apple's
subsidiaries, are third party beneficiaries of the Agreement as relates
to the Client's license of any Helmet Connect App and that, upon the
Client's acceptance of the terms and conditions of the Agreement, Apple
will have the right (and will be deemed to have accepted the right) to
enforce the Agreement as relates to the Client's license of any Helmet
Connect App against the Client as a third party beneficiary thereof.
7.6 This clause 7.6 applies where any Helmet Connect App has been acquired from the Google Play App Store. The Client:
(a) acknowledges that the Agreement is between the Client and ESAB, and not with Google, Inc. ("Google");
(b) the Client's (including any Authorized User's) use of the Helmet Connect App must comply with Google's then-current Google Play Store terms of service;
(c) Google is only a provider of the Google Play Store where the Client obtained any Helmet Connect App;
(d) ESAB, and not Google, is solely responsible for any Helmet Connect App;
(e) Google has no obligation or liability to the Client with respect to any Helmet Connect App or the Agreement; and
(f) the Client acknowledges and agrees that Google is a third party beneficiary to the Agreement as it relates to any Helmet Connect App.
8. IMPORTANT NOTE ON INTELLECTUAL PROPERTY RIGHTS
8.1 Except as expressly set out in the Agreement, ESAB does not grant to the Client any rights to or licenses in respect of the Helmet Connect Service.
8.2 The Client will not (except to the extent expressly permitted by applicable law), when using the Helmet Connect Service:
(a) attempt to copy, modify, duplicate, create derivative works from, frame, mirror, republish, download, display, transmit, or distribute all or any portion of the Helmet Connect Service in any form or media or by any means;
(b) attempt to reverse compile, disassemble, reverse engineer, or otherwise reduce to human-perceivable form all or any part of the Helmet Connect Service;
(c) access all or any part of the Helmet Connect Service in order
to build a product or service which competes with the Helmet Connect
Service, or use or attempt to use the Helmet Connect Service to directly
compete with ESAB.
8.3 The Client grants ESAB a license to access, download and use the Client Data and any data regarding the Client and any Authorized User’s use of the Helmet Connect Service for the purpose of:
(a) providing the Helmet Connect Service to the Client, including analyzing the data in accordance with the functionalities of the Helmet Connect Service;
(b) developing, testing, improving and altering the functionality of the Helmet Connect Service; and
(c) anonymizing and aggregating the Client Data and producing anonymized or anonymized and aggregated statistical reports and research (which ESAB is permitted to share with its third party service providers).
8.4 The Client represents and warrants to ESAB that it has the necessary right, title, interest and consent, in each case as necessary to allow ESAB to use the Client Data and any other data referred to in clause 8.3 in accordance with the Agreement. The Client shall maintain a backup of the Client Data and (subject to the DPA) ESAB shall not be responsible or liable for the deletion, correction, alteration, destruction, damage, loss, disclosure or failure to store any Client Data.
8.5 INTENTIONALLY OMITTED.
8.6 INTENTIONALLY OMITTED.
8.7 ESAB may use the Client's name, logo, and related trade marks in any of ESAB’s publicity or marketing materials (whether in printed or electronic form) for the purpose of highlighting that the Client uses the Helmet Connect Service and alongside any testimonials that the Client has agreed to give. The Client grants ESAB such rights as are necessary to use it name, logo, related trade marks and testimonials for the purpose of this clause 8.7.
8.8 The Client agrees to provide regular feedback to ESAB in relation to its use of the Helmet Connect Service. By submitting feedback, the Client acknowledges that ESAB may use and allow others to use this feedback in the Helmet Connect Service or otherwise without any restriction and without payment of any kind to the Client.
9. DATA PROTECTION
9.1 To the extent that ESAB processes any personal data on behalf of the Client as a processor or subprocessor as a result of hosting the Client Data or otherwise as a result of the Client's use of the Helmet Connect Service, it shall do so in accordance with the data processing addendum attached to these Terms of Service as Addendum B (the "DPA").
9.2 For the purpose of this clause 9 the terms "controller", "processor", "data subject", "personal data", and "process" shall have the same meaning as set out in Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
10. INTENTIONALLY OMITTED.
11. INTENTIONALLY OMITTED.
.12. INTENTIONALLY OMITTED.
13. SUSPENSION AND TERMINATION
13.1 Without prejudice to any other rights and remedies available to ESAB, ESAB may terminate the Agreement by notice with immediate effect, or such notice as ESAB may in its sole discretion elect to give, if the Client:
(a) is in breach of clause 8.2; and/or
(b) is in breach of any applicable law.
13.2 Without prejudice to any other rights and remedies available
to ESAB, ESAB may immediately suspend any User Account, and the Client's
or any Authorized User's right to access and use the Helmet Connect
Service without giving prior notice to the Client, if:
(a) the Client is in material or persistent breach of any of the
terms of the Agreement;
(b) in ESAB's reasonable determination, the Client is suspected of being in material breach of any of the terms of the Agreement,
and for the purposes of this clause 13.2, the parties acknowledge that any breach of clauses 8.2 will be a material breach of the Agreement.
13.3 Without prejudice to any other rights and remedies available to it, either party may terminate the Agreement at any time with immediate effect on giving notice in writing to the other party, if that other party is in material or persistent breach of any of the terms of the Agreement and either that breach is incapable of remedy, or, if capable of remedy, the other party fails to remedy the breach within thirty (30) days after receiving written notice requiring it to remedy the breach; or
13.4 On termination of the Agreement for any reason all rights and licenses granted under the Agreement shall immediately terminate and the Client's right to access and use, and grant Authorized Users the right to access and use the Helmet Connect Service will end;
13.5 After the expiry or termination of the Agreement. ESAB may thereafter:
(a) delete any Client Data at any time;
(b) retain Client Data upon expiry or termination of the Agreement
in order to comply with applicable law, or as ESAB may deem necessary to
prosecute or defend any legal claim (in which case ESAB may retain
Client Data for a reasonable period of time pending resolution of such
obligation or issue);
(c) retain any Client Data that has been anonymized and aggregated,
in each case subject to the DPA.
13.6 Termination of the Agreement for whatever reason shall not
affect any rights or remedies of the parties that have accrued up to the
date of termination.
13.7 Any provision of the Agreement that expressly or by implication is intended to come into force or continue in force on or after expiry or termination of the Agreement shall survive and continue in full force and effect.
14. LIMITED WARRANTY
14.1 The Helmet Connect Service is provided on an "AS IS" basis and ESAB gives no representations, warranties, conditions or other terms of any kind in respect of the Helmet Connect Service, whether express or implied, including (but not limited to) warranties of satisfactory quality, merchantability, fitness for a particular purpose, or non- infringement.
14.3 Except as expressly provided for in the Agreement:
(a) all representations, warranties, conditions and all other terms of any kind whatsoever implied by statute or common law are, to the fullest extent permitted by law, excluded from the Agreement; and
(b) ESAB will not be responsible for any interruptions, delays, failures, or non- availability affecting the Helmet Connect Service or the performance of the Helmet Connect Service which are caused by third party services (including Third Party Sites), errors or bugs in third party software, hardware, or the Internet on which ESAB relies to provide the Helmet Connect Service, or any changes to the Helmet Connect Service made by or on behalf of the Client, and the Client acknowledges that ESAB does not control such third party services and that such errors and bugs are inherent in the Use of such software, hardware and the Internet.
15. ESAB'S LIABILITY
15.1 ESAB will not be liable to the Client, whether in contract, tort (including negligence) or restitution, or for breach of statutory duty or misrepresentation, or otherwise, for any loss arising under or in connection with the Agreement in conditions that fall into any of the following categories: loss (whether direct or indirect) of profit, goodwill, business, business opportunity, revenue, turnover or reputation; loss (whether direct or indirect) of anticipated saving or wasted expenditure; loss of or damage to data; or any special, indirect or consequential damage or loss, costs or expenses.
15.2 To the fullest extent permitted by applicable law, under no circumstances shall ESAB be deemed liable to Client and/or any third parties for any amount in contract, tort (including negligence) or restitution, or for breach of statutory duty or misrepresentation, or otherwise, arising under or in connection with the Agreement and/or the Helmet Connect Service.
16. CHANGES TO THE ESAB SERVICE
The Client recognizes that ESAB is always innovating and finding ways to improve the Helmet Connect Service with new features and services. The Client therefore agrees that the Helmet Connect Service may change from time to time and no warranty, representation or other commitment is given in relation to the continuity of any functionality of the Helmet Connect Service.
17. GENERAL
17.1 Written communications
Applicable laws may require that some of the information or communications that ESAB sends to the Client should be in writing. When using the Helmet Connect Service, the Client accepts that communication with ESAB will mainly be electronic. ESAB will contact the Client by e- mail or provide the Client with information by posting notices on the Helmet Connect Service. For contractual purposes, the Client agrees to this electronic means of communication and the Client acknowledges that all contracts, notices, information and other communications that ESAB provides to the Client electronically comply with any legal requirement that such communications be in writing.
17.2 Notices
All notices given by the Client to ESAB must be submitted to support@esab.co.in. ESAB may give notice to the Client at either the e-mail or postal address the Client provides to ESAB, or any other way that ESAB deems appropriate. Notice will be deemed received and properly served immediately when posted on the Helmet Connect Service or 24 hours after an e-mail is sent or three days after the date of posting of any letter. In proving the service of any notice, it will be sufficient to prove, in the case of a letter, that such letter was properly addressed, stamped and placed in the post and, in the case of an e-mail that such e-mail was sent to the specified e-mail address of the addressee.
17.3 Transfer of any rights and obligations
The Client may not transfer, assign, charge or otherwise deal in the
Agreement, or any of the Client's rights or obligations arising under
the Agreement, without ESAB's prior written consent.
17.4 Events outside a party's control
Neither party shall be liable to the other party for any delay or non-performance of any of its obligations under the Agreement arising from any cause beyond its control including, without limitation, any of the following: telecommunications failure, Internet failure, act of God, act of a third party unless an approved sub-contractor of ESAB, governmental act, war, fire, flood, explosion, or civil commotion. Notwithstanding the foregoing, nothing in this clause shall excuse the Client from any payment obligation under the Agreement.
17.5 Changes to these Terms of Service
ESAB may amend these Terms of Service from time to time. Every time the Client uses the Helmet Connect Service, the Client acknowledges that it is responsible for checking these Terms of Service to ensure it understands the Terms of Service that apply at any time. Any changes to these Terms of Service in the future will be posted on this page and, where appropriate, notified to the Client by e-mail.
17.6 Third party rights
Other than as expressly stated in the Agreement, a person who is not a party to the Agreement may not enforce any of its terms under the Contracts (Rights of Third Parties) Act 1999.
17.7 Waiver
No forbearance or delay by either party in enforcing its rights shall prejudice or restrict the rights of that party, and no waiver of any such rights or any breach of any contractual terms shall be deemed to be a waiver of any other right or of any later breach.
17.8 Severability
If any provision of the Agreement is judged to be illegal or unenforceable, the continuation in full force and effect of the remainder of the provisions of the Agreement shall not be prejudiced.
17.9 Law and jurisdiction
This Agreement shall be governed by, and construed in accordance
with, English law, and each party hereby submits to the exclusive
jurisdiction of the courts of England.
Addendum A
End-User Software License Agreement
END-USER SOFTWARE LICENSE AGREEMENT
This is a Software License Agreement (the “Agreement”) concerning the license and use of ESAB Software (“ESAB Software”) within certain machines and systems by and between the company acquiring the Products (“Customer”), and ESAB India Limited and/or its affiliates and subsidiaries (“ESAB”). This Agreement and the purchase order terms and conditions contain the parties’ entire understanding relating to the subject matter and supersede all prior or contemporaneous written or oral agreements or terms.
1. USE OF ALL SOFTWARE IS SUBJECT TO LICENSE RESTRICTIONS. CAREFULLY READ THIS AGREEMENT. USE OF ESAB SOFTWARE INDICATES CUSTOMER’S COMPLETE AND UNCONDITIONAL ACCEPTANCE OF THE TERMS AND CONDITIONS SET FORTH IN THIS AGREEMENT. BY INSTALLING, COPYING OR OTHERWISE ACCESSING ESAB SOFTWARE, YOU AGREE TO BE BOUND BY THE TERMS OF THIS AGREEMENT. IF YOU ARE INSTALLING, COPYING, OR OTHERWISE ACCESSING ESAB SOFTWARE AS AN EMPLOYEE, YOU REPRESENT THAT YOU ARE AUTHORIZED TO ACCEPT THIS AGREEMENT ON CUSTOMER’S BEHALF. IF CUSTOMER DOES NOT AGREE TO THE TERMS OF THIS AGREEMENT, CUSTOMER MAY NOT USE OR COPY ESAB SOFTWARE WHICH OFFERED TO CUSTOMER CONDITIONED ON CUSTOMER’S ACCEPTANCE WITHOUT MODIFICATION OF THE TERMS CONTAINED HEREIN. ANY ADDITIONAL OR DIFFERENT PURCHASE ORDER TERMS AND CONDITIONS SHALL NOT APPLY.
2. GRANT OF LICENSE. ESAB Software installed, downloaded, or otherwise acquired by the Customer in connection with the purchase of ESAB Products, or as a stand-alone purchase, including any updates, modifications, revisions, copies, documentation, setup files and design data (“Software”) is copyrighted and/or confidential information of ESAB or its licensors, who maintain exclusive title to all Software and retain all rights not expressly granted by this Agreement. Customer agrees to not disclose, provide, or otherwise make available such confidential and/or copyrighted material in any form to any third party without the prior written consent of ESAB. Customer agrees to implement reasonable security measures to protect such confidential and/or copyrighted material. ESAB grants to Customer a nontransferable, nonexclusive license to use ESAB Software solely: (a) for Customer’s internal business purposes; and (b) on the ESAB Product and associated computer hardware and at the site authorized by ESAB and (c) on one Customer processor approved in writing by ESAB (“Authorized Use”).
3. PRODUCT IMPROVEMENTS. If Customer provides any feedback or requests any change or enhancement to ESAB Products, whether in the course of receiving support or consulting services, evaluating ESAB Products, performing beta testing or otherwise, any inventions, product improvements, modifications or developments made by ESAB (at ESAB’s sole discretion) will be the exclusive property of ESAB.
4. RESTRICTIONS ON USE.
4.1 Customer may copy ESAB Software only as reasonably necessary
to support the Authorized Use. Each copy must include all notices and
legends embedded in ESAB Software and affixed to its medium and
container as received from ESAB. All copies shall remain the property of
ESAB. Except for embedded software that has been embedded in executable
code form in ESAB’s Product(s), Customer shall maintain a record of the
number and primary location of all copies of ESAB Software, including
copies merged with other software, and shall make those records
available to ESAB upon request. Customer shall not make Products
available in any form to any person other than Customer’s employees and
on-site contractors (excluding ESAB competitors) whose job performance
requires access and who are under obligations of confidentiality.
Customer shall take appropriate action to protect the confidentiality of
ESAB Software and ensure that any person permitted access does not
disclose or use ESAB Software except as permitted by this Agreement.
Customer shall give ESAB written notice of any unauthorized disclosure
or use of the ESAB Software as soon as Customer becomes aware of such
unauthorized disclosure or use.
4.2 Customer acknowledges that the ESAB Software contains source
code which is proprietary and its confidentiality is of the highest
importance and value to ESAB. Customer acknowledges that ESAB may be
seriously harmed if such source code is disclosed in violation of this
Agreement. Except as otherwise permitted for purposes of
interoperability as specified by applicable and mandatory local law,
Customer shall not reverse-assemble, disassemble, reverse-compile, or
reverse-engineer any ESAB Software, or in any way derive any source code
from ESAB Software that is not provided to Customer in source code
form.
4.3. Customer shall not disclose or permit disclosure of ESAB’s source
code, in whole or in part, including any of its methods or concepts, to
anyone except Customer’s employees or on-site contractors (excluding
ESAB competitors) with a need to know. Customer shall not copy or
compile source code in any manner.
4.4 Customer may not assign this Agreement or the rights and duties
under it, or relocate, sublicense, or otherwise transfer the ESAB
Products, whether by operation of law or otherwise (“Attempted
Transfer”), without ESAB’s prior written consent. Any Attempted Transfer
without ESAB’s prior written consent shall be a material breach of this
Agreement and may, at ESAB’s option, result in the immediate termination
of this Agreement and/or the licenses granted under this Agreement. The
terms of this Agreement, including without limitation the licensing and
assignment provisions, shall be binding upon Customer’s permitted
successors in interest and assigns.
4.5 The provisions of this Section 4 shall survive the termination of
this Agreement.
4.6 If the ESAB Software is sold as “time limited” (as part of a
trial, pre-release, or subscription), then the Customer will be in
breach of this Agreement by running the software past the allotted time.
Any attempt to alter or disrupt time keeping on any device accessing the
ESAB Software to circumvent the allotted time shall be considered a
breach of this Agreement.
5. SUPPORT SERVICES. ESAB may provide Customer with updates and technical support for the ESAB Software when new versions of the ESAB Software are released.
6. OPEN SOURCE SOFTWARE (“OSS”). ESAB Products may contain OSS or code distributed under a proprietary third party license agreement, to which additional rights or obligations (“Third Party Terms”) may apply. In the event of conflict between the terms of this Agreement and the Third Party Terms, the Third Party Terms will control solely with respect to the OSS or third party code. The provisions of this Section 6 shall survive the termination of this Agreement.
7. LIMITED WARRANTY.
7.1 The ESAB Software is provided on an "AS IS" basis and ESAB
gives no representations, warranties, conditions or other terms of any
kind in respect of the ESAB Software, whether express or implied,
including (but not limited to) warranties of satisfactory quality,
merchantability, fitness for a particular purpose, or non-
infringement.
7.2 ESAB MAKES NO WARRANTIES WITH RESPECT TO: (A) SERVICES;
(B) SOFTWARE AND/OR PRODUCTS PROVIDED AT NO CHARGE; OR (C) SOFTWARE
UPDATES; ALL OF WHICH ARE PROVIDED “AS IS.”
7.3 THE WARRANTIES SET FORTH IN THIS SECTION 7 ARE EXCLUSIVE.
ESAB MAKES NO OTHER WARRANTIES EXPRESS, IMPLIED OR STATUTORY, WITH
RESPECT TO ESAB SOFTAWRE PROVIDED UNDER THIS AGREEMENT. ESAB
SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT OF INTELLECTUAL
PROPERTY BY THE ESAB SOFTWARE.
8. LIMITATION OF LIABILITY.
TO THE EXTENT PERMITTED UNDER APPLICABLE LAW, IN NO EVENT SHALL
ESAB BE LIABLE FOR INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL
DAMAGES (INCLUDING LOST PROFITS OR SAVINGS) WHETHER BASED ON CONTRACT,
TORT OR ANY OTHER LEGAL THEORY, EVEN IF ESAB HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES. IN NO EVENT SHALL ESAB’S LIABILITY UNDER
THIS AGREEMENT EXCEED THE AMOUNT RECEIVED FROM CUSTOMER FOR THE ESAB
PRODUCT, INCLUDING THE ESAB SOFTWARE LICENSED UNDER THIS AGREEMENT,
GIVING RISE TO THE CLAIM. IN THE CASE WHERE NO AMOUNT WAS PAID, ESAB AND
ITS LICENSORS SHALL HAVE NO LIABILITY FOR ANY DAMAGES WHATSOEVER. THE
PROVISIONS OF THIS SECTION 8 SHALL SURVIVE THE TERMINATION OF THIS
AGREEMENT.
9. THIRD PARTY CLAIMS.
9.1 Customer acknowledges that ESAB has no control over the
testing of Customer’s products, or the specific applications and use of
the ESAB Products or ESAB Software. ESAB shall not be liable for any
claim or demand made against Customer by any third party.
9.2 In the event that a third party makes a claim against ESAB
arising out of the use of Customer’s products, ESAB will give Customer
prompt notice of such claim. At Customer’s option and expense, Customer
may take sole control of the defense and any settlement of such claim.
Customer WILL reimburse and hold harmless ESAB for any LIABILITY,
damages, settlement amounts, costs and expenses, including reasonable
attorney’s fees, incurred by or awarded against ESAB or its licensors in
connection with such claims.
9.3 The provisions of this Section 9 shall survive any expiration or
termination of this Agreement.
10. INFRINGEMENT.
10.1 ESAB will defend or settle, at its option and expense, any
action brought against Customer which alleges that any standard,
generally supported ESAB Software acquired by Customer from ESAB
infringes a patent or copyright or misappropriates a trade secret of a
third party. ESAB will pay costs and damages finally awarded against
Customer that are attributable to such action. Customer understands and
agrees that as conditions to ESAB’s obligations under this section,
Customer must: (a) notify ESAB promptly in writing of the action; (b)
provide ESAB all reasonable information and assistance to settle or
defend the action; and (c) grant ESAB sole authority and control of the
defense or settlement of the action.
10.2 If a claim is made under Subsection 10.1 ESAB may, at its option
and expense: (a) replace or modify the ESAB Software so that it becomes
non-infringing; (b) procure for Customer the right to continue using the
ESAB Software; or (c) require the return of the ESAB Product and refund
to Customer any purchase price or license fee paid, if any, less a
reasonable allowance for use.
10.3 ESAB has no liability to Customer if the claim or action is
based upon: (a) the combination of ESAB Software (or ESAB Product
hardware) with any product not furnished by ESAB; (b) the modification
of the ESAB Software or ESAB Product other than by ESAB; (c) the use of
other than a current unaltered release of the ESAB Software; (d) the use
of the ESAB Software as part of an infringing process; (e) a product
that Customer makes, uses, or sells; or (f) infringement by Customer
that is deemed willful. In the case of (f), Customer shall reimburse
ESAB for its reasonable attorney fees and other costs related to the
action.
10.4 THIS SECTION 10 IS SUBJECT TO SECTION 8 ABOVE AND STATES
THE ENTIRE LIABILITY OF ESAB, AND CUSTOMER’S SOLE AND EXCLUSIVE REMEDY,
FOR DEFENSE, SETTLEMENT AND DAMAGES, WITH RESPECT TO ANY ALLEGED PATENT
OR COPYRIGHT INFRINGEMENT OR TRADE SECRET MISAPPROPRIATION BY ANY ESAB
SOFTWARE PROVIDED UNDER THIS AGREEMENT.
11. TERMINATION AND EFFECT OF TERMINATION.
11.1 The license granted in Section 2 of this Agreement shall
remain in effect as long as Customer uses the ESAB Software in an ESAB
Product, unless terminated for any of the reasons set forth herein
below.
11.2 ESAB may terminate this Agreement and/or any license granted
under this Agreement immediately upon written notice if Customer: (a)
uses, modifies, or transfers the ESAB Software in a manner that exceeds
the scope of the license, or otherwise fails to comply with the
licensing or confidentiality provisions of this Agreement, or (b)
becomes insolvent, files a bankruptcy petition, institutes proceedings
for liquidation or winding up or enters into an agreement to assign its
assets for the benefit of creditors. For any other material breach of
any provision of this Agreement, ESAB may terminate this Agreement
and/or any license granted under this Agreement upon 30 days written
notice if Customer fails to cure the breach within the 30 day notice
period. Termination of this Agreement or any license granted hereunder
will not affect Customer’s obligation to pay for ESAB Products shipped
or licenses granted prior to the termination, which amounts shall be
payable immediately upon the date of termination.
11.3 Upon termination of this Agreement, the rights and obligations
of the parties shall cease except as expressly set forth in this
Agreement. Upon termination of this Agreement and/or any license granted
under this Agreement, Customer shall ensure that all use of the affected
ESAB Software ceases, and shall either return to ESAB or destroy ESAB
Software in Customer’s possession, including all copies and
documentation, and certify in writing to ESAB within ten business days
of the termination date that Customer no longer possesses any of the
licensed ESAB Software or copies of ESAB Software in any form.
12. CONTROLLING LAW, JURISDICTION AND DISPUTE RESOLUTION. This
Agreement shall be
governed by and construed under the laws of the State of Delaware, U.S.,
and all disputes hereunder shall be submitted to the exclusive
jurisdiction and venue in a State or Federal Court in Wilmington,
Delaware.
13. SEVERABILITY. If any provision of this Agreement is held by a court of competent jurisdiction to be void, invalid, unenforceable or illegal, such provision shall be severed from this Agreement and the remaining provisions will remain in full force and effect.
14. MISCELLANEOUS. This Agreement contains the parties’ entire
understanding relating to its subject matter and supersedes all prior or
contemporaneous agreements. This Agreement may only be modified in
writing, signed by an authorized representative of each party. Waiver of
terms or excuse of breach must be in writing and shall not constitute
subsequent consent, waiver or excuse.
Addendum B
DPA
Data Processing Agreement
(hereinafter referred to as “Data Processing Agreement” or “DPA”) by and between
1. ESAB (as defined in the ESAB Helmet Connect Terms of Service)
and
2. the Client (as defined in the ESAB Helmet Connect Terms of Service and Order Form)
- ESAB and Client hereinafter referred to as “Parties” and each as “Party” -
PREAMBLE
ESAB offers the licensing and maintenance of a cloud platform for managing, and analyzing the performance of, certain machines, hereinafter altogether called (the “Services”) in accordance with the ESAB Helmet Connect Terms of Service, Order Form, and End-User Software License Agreement entered into by Client and ESAB (“Agreement”). In the course of providing the Services, ESAB will process personal data of Client and/or Client’s affiliates who are beneficiaries under the Agreement.
This DPA and its Exhibits regulate the data protection obligations of the Parties when processing Client Personal Data under the Agreement. This DPA is supplemental to and subject to the terms and conditions of the Agreement. In the event of a conflict between any of the provisions of this DPA and the provisions of the Agreement, the provisions of this DPA shall prevail.
DEFINITIONS
1. DEFINITIONS
1.1 Unless otherwise set out below, each capitalised term in this DPA shall have the meaning set out in the Agreement. In this DPA, unless the context requires otherwise:
"Affiliates" means the affiliated offices of Client that are expressly identified in the Agreement as beneficiaries under the Agreement;
“Applicable Law” means all laws, rules and regulations applicable to either party’s performance under this DPA, including but not limited to those applicable to the Processing of Client Personal Data;
"CCPA" means the California Consumer Privacy Act,
Cal. Civ. Code §§ 1798.100 et seq., including any amendments and any
implementing regulations thereto that become effective on or after the
effective date of this DPA;
“CCPA Consumer” means a “consumer” as such term is
defined in the CCPA;
"CCPA Personal Information" means the “personal information” (as defined in the CCPA) about CCPA Consumers that ESAB Processes on behalf of the Client and/or the Client’s Affiliates in connection with ESAB’s provision of the Services;
"Controller" has the meaning given in the GDPR;
"Client Personal Data" means information that relates to an identified or identifiable person that is provided to ESAB by Client or its Affiliates, and Processed by ESAB in connection with providing the Services under the Agreement, including, but not limited to the CCPA Personal Information and the GDPR Personal Data;
"Data Processing Services" means the Processing of CCPA Personal Information for any purpose permitted by the CCPA, such as for a permitted "business purpose," as such term is defined in the CCPA, or for any other purpose expressly permitted by the CCPA;
"Data Subject" has the meaning given in the GDPR;
"EU Data Protection Laws" means the EU General Data Protection Regulation 2016/679 of the European Parliament and of the Council (the "GDPR") and any applicable national legislation implementing or supplementing the GDPR, in each case as amended, replaced or superseded from time to time, and all applicable legislation protecting the fundamental rights and freedoms of persons and their right to privacy with regard to the Processing of GDPR Personal Data as well as the data protection laws of Switzerland and the UK (including the UK Data Protection Act 2018);
"European Economic Area" or "EEA" means the Member States of the European Union together with Iceland, Norway, and Liechtenstein and – for the purpose of this DPA – also the UK and Switzerland;
"Instruction" means any documented instruction submitted in writing by an authorized representative of Client to a designated recipient for ESAB that directs ESAB to perform a specific action with regard to Client Personal Data. Such Instructions may, from time to time thereafter, be amended, supplemented or replaced pursuant to additional Instructions by an authorized representative of Client to a designated recipient for ESAB, provided that such amended, supplemental or replacement Instructions still fall within the scope of the Services. Instructions issued for the purpose of complying with statutory claims under the EU Data Protection Laws or the CCPA, including but not limited to statutory claims under the GDPR with respect to rectification, erasure, restriction or portability, fall within the scope of the Services;
"GDPR Personal Data" means the "personal data" (as defined in the GDPR) about Data Subjects located in the EEA that ESAB Processes on behalf of the Client and/or the Client’s Affiliates in connection with ESAB’s provision of the Services;
"Processing" has the meaning given in the GDPR, and
"Process" will be interpreted accordingly;
"Processor" has the meaning given in the GDPR;
"Security Incident" means any accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, any Client Personal Data;
“Sell” and “Sale” have the meaning given in the CCPA;
“Services” means the service(s) provided by ESAB to the Client under the Agreement, including the Data Processing Services;
"Standard Contractual Clauses" means the Standard Contractual Clauses (processors) approved by the European Commission Decision C(2010)593or any subsequent version thereof released by the European Commission, attached as Exhibit F of this DPA;
"Subprocessor" means any Processor engaged by ESAB who agrees to Process Client Personal Data in connection with providing the Services to ESAB; and
"Supervisory Authority" has the meaning given in the GDPR.
2. AMENDMENT OF AGREEMENT
2.1 This DPA is an integral part of and amends the Agreement with respect to any Processing of Client Personal Data provided by Client or Affiliates in connection with the Agreement.
3. SUBJECT MATTER, DURATION, NATURE AND PURPOSE, AND SPECIFICATION OF PROCESSING OPERATIONS
3.1 The subject matter, duration, nature and purpose of the Processing are described in Exhibit A, this Sec. 3 and the Agreement.
3.2 The categories of data and data subjects which may be affected by the Processing are listed in Exhibit A.
3.3 The duration of the Processing shall correspond to the duration of this Data Processing Agreement as set forth in Sec. 9.
4. ESAB’S OBLIGATIONS
4.1 ESAB shall in the course of providing Services Process Client Personal Data only on behalf of and under the documented Instructions of Client unless such Processing is permitted or required by Applicable Law.
4.2 ESAB shall take steps reasonably necessary to ensure that any
natural person acting under its authority who has access to Client
Personal Data does not Process such data except on Instructions from
Client, unless otherwise required to do so by Applicable Law.
4.3 ESAB ensures that persons authorized to process the Client
Personal Data have committed themselves to confidentiality or are under
an appropriate statutory obligation of confidentiality and that the
obligation will remain after termination of this Data Processing
Agreement.
4.4 Technical and Organizational Data Security Measures
4.4.1 The appropriate technical and organizational data security measures implemented at the date of the signing of this Data Processing Agreement are specified in Exhibit B. The measures specified in Exhibit B are subject to technical advancements and development.
4.4.2 When assessing the appropriate level of security, account shall be taken in particular of the risks that are presented by Processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Client Personal Data transmitted, stored or otherwise Processed.
4.4.3 If ESAB significantly modifies measures specified in Exhibit B, such modifications have to meet the obligations pursuant to Sec. 4.4.2. ESAB shall make available to Client a description of such modified measures. By notifying, ESAB grants to Client the opportunity to object to such modifications within four (4) weeks. Client shall only be entitled to object to any modification in the case that the modification does not meet the requirements pursuant to Sec. 4.4.2. If Client does not object to the modification within the objection period, consent regarding the modifications shall be assumed. In case of an objection, ESAB may suspend the portion of the Service which is affected by the objection of Client. Client shall not be entitled to a pro-rata refund of remuneration for the Services, unless Client can prove that the obligations pursuant to Sec. 4.4.2 has not been met.
4.5 Documentation and Audit Rights
4.5.1 Upon request and subject to signing the non-disclosure agreement attached as Exhibit C and Applicable Law, ESAB shall make available to Client information reasonably necessary to demonstrate ESAB's compliance with its obligations under this DPA, in particular with the agreed technical and organizational data security measures. ESAB shall have the right to limit unreasonable or overly burdensome requests by the Client and charge Client a reasonable fee for the production of such information. ESAB may, in its discretion provide data protection compliance certifications issued by a commonly accepted certification issuer which has been audited by a data security expert, by a publicly certified auditing company or by another Client of ESAB.
4.5.2 If Client has justifiable reason to believe that ESAB is not
complying with the terms and conditions under this Data Processing
Agreement, in particular with the obligation to implement and maintain
the agreed technical and organizational data security measures, and only
once per year (unless there are specific indications that require a more
frequent inspection), Client is, subject to signing the non-disclosure
agreement attached as Exhibit C, entitled to audit ESAB. This audit
right can be exercised by (i) requesting additional information, (ii)
accessing the databases which process Client Personal Data or
(iii) by inspecting ESAB's working premises whereby in each case no
access to personal data of other Clients or ESAB’s confidential
information will be granted. Alternatively, Client may also engage third
party auditors to perform such tasks on its behalf in accordance
with
Sec. 4.5.4. The costs associated with such audits and/or for providing
additional information shall be borne by Client.
4.5.3 If Client intends to conduct an audit at ESAB’s working premises, Client shall give reasonable notice to ESAB and agree with ESAB on the time and duration of the audit. In the case of a special legitimate interest, such audit can also be conducted without prior notice. Inspections shall be made during regular business hours and in such a way that business operations are not disturbed. At least one employee of ESAB may accompany the auditors at any time. ESAB may memorialize the results of the audit which shall be confirmed by Client.
4.5.4 Client may not appoint a third party as auditor who (i) ESAB reasonably considers to be in a competitive relationship to ESAB or (ii) is not sufficiently qualified to conduct such an audit, or (iii) is not independent. Any such third-party auditor shall only be engaged if the auditor is bound by a non-disclosure agreement in favor of ESAB prior to conducting any audit or is bound by statutory confidentiality obligations.
4.6 Notification Duties
4.6.1 ESAB shall inform Client without undue delay in text form (e.g., letter, fax or email “Text Form”) of the following events:
• Requests from third parties including such from a Supervisory Authority regarding Client Personal Data; in which case it is permitted to inform the third party of the name of Client and the fact that it has forwarded the request to Client.
• Threats to Client Personal Data in possession of ESAB by garnishment, confiscation, insolvency and settlement proceedings or other incidents or measures by third parties. In such case, ESAB shall immediately inform the respective responsible person/entity that Client holds the sovereignty and ownership of the Client Personal Data.
4.6.2 For the purpose of enabling Client to comply with its own Security Incident notification obligations, ESAB shall notify Client without undue delay after becoming aware of a Security Incident. Such notice will, if possible, include the following information:
• a description of the nature of the Security Incident including where possible, the categories and approximate number of Data Subjects concerned, and the categories and approximate number of Client Personal Data records concerned;
• a description of the measures taken or proposed to be taken by ESAB and/or Client to address the Security Incident, including, where appropriate, measures to mitigate its possible adverse effects; and
• any further information which is available and known to ESAB and
(i) that is necessary for Client to comply with Client’s notification
obligations and (ii) which Client does not otherwise have access
to.
4.6.3 ESAB will take any additional steps, at Client’s request and
expense, that are reasonably necessary to remedy any non-compliance with
this DPA.
4.7 Instructions
4.7.1 ESAB shall inform Client immediately if, from its point of view, an Instruction of Client may lead to a violation of Applicable Law. Until Client either confirms or alternates the Instruction, ESAB may refuse to comply with the Instruction issued.
4.8 Duration and Retention
4.8.1 Except as otherwise provided in clause 4.8.2, ESAB shall, upon completion of the Services in consultation with Client, either delete or return all Client Personal Data in its possession to Client.
4.8.2 ESAB may retain Client Personal Data to the extent required by Applicable Laws after the termination of this DPA, provided that ESAB shall ensure the confidentiality of all such Client Personal Data in accordance with this DPA and the Agreement and shall ensure that such Client Personal Data is only Processed as necessary for the purpose(s) specified in the Applicable Laws requiring its storage.
4.8.3 If a Data Subject addresses ESAB with claims for access, rectification, erasure, restriction, objection or data portability, ESAB shall refer the data subject to Client.
4.9 ESAB will inform Client of the name and the official contact details of its data protection officer if ESAB is, by Applicable Law, required to appoint a data protection officer.
4.10 Without limitation to the foregoing, ESAB’s Processing of GDPR Personal Data is subject to the additional terms set forth in Exhibit D and ESAB’s Processing of CCPA Personal Information is subject to the additional terms set for in Exhibit E.
5. CLIENT’S OBLIGATIONS
5.1 Client shall provide all Instructions pursuant to this Data Processing Agreement to ESAB in Text Form or verbally. Verbal Instructions shall be confirmed immediately in Text Form thereafter.
5.2 Client shall notify ESAB in Text Form of the names of the persons who are entitled to issue Instructions to ESAB. Any consequential costs incurred resulting from Client’s failure to comply with the preceding sentence shall be borne by Client. In any event, the managing directors and personnel/human resource management of Client are entitled to issue Instructions.
5.3 Client shall inform ESAB immediately if Processing by ESAB might lead to a violation of Applicable Law.
5.4 In the case claims based on Applicable Law are raised against
ESAB, Client shall reasonably support ESAB with its defense to the
extent the claim arises in connection with the Processing of Client
Personal Data by ESAB in connection with performing the Services to
Client or Affiliate.
5.5 Client shall name a person responsible for dealing with questions
relating to Applicable Law and data security in the context of
performing this Data Processing Agreement.
6. LIABILITY
6.1 The Parties agree that notwithstanding anything contained hereunder, when providing the Services, ESAB’s liability for breach of any terms and conditions under this Data Processing Agreement shall be subject to the liability limitations agreed in the Agreement.
6.2 No Affiliate shall become beneficiary of this Data Processing Agreement without being bound by this Data Processing Agreement and without accepting the liability limitation set out in Sec. 6.1 above.
6.3 Client will indemnify ESAB against any losses that exceed the liability limitations in the Agreement suffered by ESAB in connection with any claims of Affiliates or Data Subjects who claim rights based on alleged violation of the GDPR or this Data Processing Agreement.
7. COSTS FOR ADDITIONAL SERVICES
If Client’s Instructions lead to a change from or increase of the agreed Services or in the case of ESAB’s compliance with its obligations pursuant to Sec. Error! Reference source not found. or Error! Reference source not found. to assist Client with Client’s own statutory obligations, ESAB is entitled to charge reasonable fees for such tasks which are based on the prices agreed for rendering the Services and/or notified to Client in advance.
8. CONTRACT PERIOD
The duration of this Data Processing Agreement coincides with the duration of the Agreement. It commences and terminates with the provision of the Services under the Agreement, unless otherwise stipulated in the provisions of this Data Processing Agreement.
9. MODIFICATIONS
ESAB may modify or supplement this Data Processing Agreement, with
notice to Client, (i) if required to do so by a Supervisory Authority or
other government or regulatory entity, (ii) if necessary to comply with
Applicable Law, (iii) to implement standard contractual clauses laid
down by the European Commission or
(iv) to adhere to an approved code of conduct or certification mechanism
approved or certified pursuant to Applicable Law.
10. WRITTEN FORM
Any side agreements to this Data Processing Agreement as well as changes and amendments of this Data Processing Agreement or the Services hereunder, including this Sec. 10, shall be in writing.
11. CHOICE OF LAW
11.1 This DPA and any dispute or claim arising out of it or in connection with it or its subject matter or formation (including non-contractual disputes or claims) shall be governed by and construed in accordance with the laws of the EU Member State in which the Client is established; provided, however, that to the extent any such dispute or claim relates to the CCPA, such dispute shall be governed by and construed in accordance with the laws of California.
11.2 Any claim or dispute between the Parties arising out of, or in connection with, this DPA (a “Dispute”) that cannot be resolved by direct discussions between the Parties shall be resolved in accordance with the procedure set out in the Agreement, if any.
12. MISCELLANEOUS
12.1 With respect to any issues arising of or in connection with the Processing of Client Personal Data, this Data Processing Agreement shall prevail over all other agreements between the Parties. This DPA sets forth the entire understanding and agreement between the Parties with respect to the subject matter hereof.
12.2 Severability
12.2.1 If any court or competent authority decides that any term of this DPA is held to be invalid, unlawful, or unenforceable to any extent, such term shall, to that extent only, be severed from the remaining terms, which shall continue to be valid to the fullest extent permitted by law. The Parties will mutually agree on modifications to the Agreement to the extent necessary to ensure compliance with Applicable Law.
12.3 No Waiver
12.3.1 Either Party’s failure to enforce any provision of this DPA
shall not constitute a waiver of that or any other provision and will
not relieve the other Party from the obligation to comply with such
provision.
Exhibit A – Data Processing Specification
Data Exporter
The Client subscribed to the Services that include Processing of GDPR Personal Data.
Data Importer
ESAB, providing the Services as described in the Agreement and in the DPA.
Subject matter, Nature and Purpose of Processing
ESAB offers Client the Services for managing and analyzing the performance of welding helmets. The information the Client enters onto the Services when the Client downloads and registers the Services is sent to ESAB’s online platform(s).
Categories of Data
The Client determines the categories of data entered onto the Services. The transferred GDPR Personal Data typically relates to the following categories of data.
Device and application data, including device identifiers, OS version, app usage data
Bluetooth data, including helmet paired status and device identifiers
Location data, specifically limited location access for nearby device discovery
Notifications data for push notifications, preference, and tokens
Diagnostic data regarding crash logs and performance data
Information on user accounts, such as user names, passwords, information of usage of the Services, information on operation of welding helmets, user’s welding authorization.
Categories of Data Subjects
Unless provided otherwise by the Data Exporter, transferred GDPR Personal Data relates to the following categories of data subjects:
Users of the Services – potentially employees, contractors or agents of the Client.
Helmet operators – potentially employees, contractors or agents of the Client.
Data Retention
ESAB stores the Client’s Personal Data in the Services for the period
of the Agreement. Data will be deleted earlier upon Client’s
request.
Exhibit B – Description of the Technical and
Organizational Security Measures
1. Encryption
Encryption contains measures that enable one to convert clearly legible
information into an illegible string by means of a cryptographic
process.
2. The ability to ensure the ongoing confidentiality,
integrity, availability and resilience of processing systems and
services
Confidentiality and integrity are ensured by the secure processing of
personal data, including protection against unauthorized or unlawful
processing and against accidental loss, destruction or damage.
2.1 Confidentiality
2.1.1. Physical access control
Measures that prevent unauthorized persons from gaining access to data
processing systems with which personal data are processed or used.
Exhibit C – Non-Disclosure Agreement
Non-Disclosure Agreement
(hereinafter referred to as “NDA”) by and between
1. ESAB, as defined in the Data Processing Agreement
and
2. Client, as defined in the Data Processing Agreement
PREAMBLE
The Data Processing Agreement concluded between ESAB and Client grants Client the right to demand information and to audit ESAB for the purposes and within the restrains of Section 3.7 of the Data Processing Agreement. When exercising these auditing rights, Client can potentially gain access to proprietary and confidential information of ESAB relating to the Services or other aspects of ESAB's business. Wishing to protect all confidential information of ESAB, which could be disclosed to Client in the context of Client's document requests or auditing, the Parties enter into the following NDA.
1. INFORMATION
In this NDA “Confidential Information” means all information, know-how, samples and the like of ESAB, disclosed in any form or medium whatsoever, to Client in the context of Client's document request or auditing. For the avoidance of doubt, Client Personal Data is not considered Confidential Information.
2. CONFIDENTIALITY
2.1 Client undertakes to keep all Confidential Information secret and confidential and not to disclose Confidential Information to third parties. Client also undertakes to use the Confidential Information only to the extent necessary to conduct and evaluate the document review and auditing. All Confidential Information will be kept in safe custody by Client and will at all times remain the property of ESAB. Once the Confidential Information is no longer needed for the purposes of evaluating the document review or audit, Client will return all originals, copies, reproductions, summaries and other tangible forms of Confidential Information to ESAB and delete all Confidential Information in its possession irrespective of the form or medium of such Confidential Information.
2.2 In case ESAB has in advance agreed in writing that Client may disclose all or certain pieces of Confidential Information to a third party, Client will nevertheless be liable to ESAB in ensuring that such third party is bound to obligations not less onerous than Client’s obligations assumed hereunder.
2.3 The term “third party” will not apply to Affiliates, as
defined in the Data Processing Agreement, provided such Affiliate is
bound to the same extent of secrecy as Client under this NDA.
2.4 If Client breaches the confidentiality obligations of this NDA,
ESAB shall be entitled to claim a contractual penalty for each breach in
the amount of USD 50,000.00. Any further claims of ESAB, including
claims for cease-and-desist and for damages, are not affected.
3. EMPLOYEES
Client is entitled to disclose the Confidential Information to those
employees who have a need to know such Confidential Information for the
performance of the document review or audit and only to those employees
who
(i) have been bound, in writing, to maintain the Confidential
Information in confidence both during and after the term of their
employment to the extent permitted by the applicable law or (ii) are
bound under their employment contracts by comparable confidentiality
obligations.
4. RIGHTS
Client acknowledges that the right, title and interest in the Confidential Information are and remain the exclusive property of ESAB. Nothing in this NDA is intended to give or shall be interpreted as giving Client a license, express or implied, under any of ESAB's patents and/or other rights now owned or hereinafter acquired by ESAB.
5. NO ANALYSIS
Client will not analyze or have analyzed samples, including but not limited to reverse engineering or any observation of the chemical composition and/or physical characteristics, disclosed in the context of a document review or audit.
6. EXCEPTIONS
6.1 The preceding obligations of this NDA do not apply to Confidential Information which
(i) at the time of disclosure is in the public domain;
(ii) was in Client's possession at the time of disclosure by ESAB;
(iii) after disclosure becomes part of the public domain by publication or otherwise through no fault of Client;
(iv) was obtained by Client from a third party, having a lawful right to disclose the same;
(v) was developed by Client independently from any access to the Confidential Information supplied by ESAB; or
(vi) is required to be disclosed by applicable law, regulation or order of a court of competent jurisdiction provided, however, that Client takes all reasonable steps to restrict and maintain the confidentiality of such disclosure and provides reasonable prior written notice to ESAB of the requirement to disclose such Confidential Information and the specific disclosure(s) proposed to be made to satisfy such law(s), regulation(s) or legal process(es).
6.2 Facts according to (i) to (vi) above must be proven by
Client.
6.3 Any Confidential Information disclosed hereunder will not be
deemed within the foregoing exceptions merely because such Confidential
Information is embraced by more general information in the public domain
or in Client's possession, nor will any combination of items of
Confidential Information be deemed within the exceptions unless the
combination itself and its principle of operation are within the
exceptions.
7. SEVERABILITY
Should any provision of this NDA be or become invalid or unenforceable, such invalidity or unenforceability will not affect the validity or enforceability of the entire NDA. Invalid or unenforceable provisions will be replaced by a legally valid and enforceable regulation which comes closest to the original intention of the Parties. The same applies accordingly to any involuntary omissions in this NDA.
8. MISCELLANEOUS
8.1 This NDA constitutes the entire agreement between the parties relating to the subject matter hereto.
8.2 This NDA may not be changed or amended orally, but only in writing and signed by both Parties. The writing must refer to this NDA and must expressly state that it is an amendment hereof.
8.3 This NDA will in all respects be interpreted in accordance
with and its performance governed by the laws of Sweden, to the
exclusion of its conflict of laws provisions.
Exhibit D – GDPR Data Processing
Addendum
BACKGROUND
This GPDR Data Processing Addendum (“GDPR Addendum”) is supplemental to and subject to the terms and conditions of the Agreement and the DPA and shall apply to ESAB’s Processing of GDPR Personal Data on Client’s behalf. In the event of a conflict between any of the provisions of this GDPR Addendum and the provisions of the Agreement or the DPA, the provisions of this GDPR Addendum shall prevail.
1. INTERPRETATION
1.1 Unless otherwise set out below, each capitalised term in this GDPR Addendum shall have the meaning set out in the Agreement and the DPA.
2. GDPR PERSONAL DATA PROCESSING
2.1 Applicability to GDPR Personal Data. This exhibit to the DPA shall only apply to the Processing of GDPR Personal Data by or on behalf of ESAB.
2.2 Role of the Parties. For the purposes of the EU Data Protection Laws, the Parties acknowledge and agree that ESAB acts as Processor and the Client and/or Affiliates act as Controllers, except when Client or Affiliate acts as a Processor of GDPR Personal Data, in which case ESAB is a subprocessor. The Client acts as a single point of contact for its Affiliates with respect to compliance with EU Data Protection Laws, such that where ESAB gives notice to the Client, such information or notice is deemed received by the Affiliates. The Parties acknowledge and agree that any claims in connection with EU Data Protection Laws under this DPA will be brought by the Client, whether acting for itself or on behalf of an Affiliate.
2.3 Specification of Processing Operations
The subject matter, duration, nature and purpose of the Processing of GDPR Personal Data are described in the Agreement and Schedule 2 of Exhibit G. The categories of GDPR Personal Data and Data Subjects which may be affected by such Processing are listed in Schedule 2 of Exhibit G. The duration of such Processing is set forth in clause 8.
2.4 Instructions for GDPR Personal Data Processing
ESAB will only Process GDPR Personal Data in accordance with:
(a) the Agreement, to the extent necessary to provide the Services to the Client, and
(b) the Client’s Instructions,
unless Processing is required by European Union or Member State law to which ESAB is subject, in which case ESAB shall, to the extent permitted by European Union or Member State law, inform the Client of that legal requirement before Processing that GDPR Personal Data. In addition to any other fees set forth in the Agreement, ESAB shall have the right to charge the Client commercially reasonable rates for complying with the Client’s Instructions relating to the Processing of GDPR Personal Data.
2.5 Required consents and notices
Where required by applicable EU Data Protection Laws, the Client will ensure that it has obtained/will obtain all necessary consents, and has given/will give all necessary notices, for the Processing of GDPR Personal Data by ESAB in accordance with the Agreement.
3. TRANSFER OF GDPR PERSONAL DATA
3.1 ESAB may engage Subprocessors for the Processing of GDPR Personal Data subject to the requirements of this Clause 3 of Exhibit D.
3.2 Any Subprocessor is obliged, before initiating the Processing of GDPR Personal Data, to commit itself in writing for the benefit of Client to comply with the same data protection obligations as the applicable obligations under this DPA. The agreement with the Subprocessor must provide at least the level of data protection required by the applicable sections of this DPA. Where the Subprocessor fails to fulfil such data protection obligations with regard to GDPR Personal Data, ESAB shall remain fully liable to Client for the performance of the Subprocessor’s obligations.
3.3 Any Subprocessor that Processes GDPR Personal Data must in particular agree to comply with the applicable agreed technical and organizational security measures in accordance with clause Error! Reference source not found. herein and provide ESAB with a list of the implemented technical and organizational measures, which upon request by Client will also be made available to Client. Subprocessor’s measures may differ from the ones agreed between Client and ESAB but shall not fall below the level of data security for GDPR Personal Data as provided by the measures of ESAB.
3.4 ESAB will inform Client in writing (email communication being
sufficient) of any intended engagement of a Subprocessor for the
Processing of GDPR Personal Data. Alternatively, ESAB may provide a
website or another notice that lists all Subprocessors to access GDPR
Personal Data of Client as well as the limited or ancillary services
they provide. At least two (2) weeks before authorizing any new
Subprocessor to access GDPR Personal Data, ESAB will notify Client
thereof and, if applicable, update its website. By so notifying, ESAB
grants to Client the opportunity to object to such change within two (2)
weeks. If Client does not object to the engagement within the objection
period, consent regarding the engagement shall be assumed. Upon Client’s
request, ESAB will provide all information necessary to demonstrate that
the Subprocessor will meet all requirements pursuant to Sec. Error!
Reference source not found. and 3.3. In the case Client objects to the
Processing of GDPR Personal Data by a potential Subprocessor, ESAB can
choose to either not engage the Subprocessor or to terminate the
Agreement with two (2) months prior written notice. Until the
termination of the Agreement, ESAB may suspend the portion of the
Services that is affected by the objection of Client. Client shall not
be entitled to a pro-rata refund of the remuneration for the Services,
unless the objection is based on justified reasons of non-compliance
with applicable EU Data Protection Laws.
3.5 Client herewith agrees also on behalf of its Affiliates to the
following Subprocessors of GDPR Personal Data:
For Crashlytics Services:
For all kinds of services:
3.6 Prohibition on Transfers of GDPR Personal Data
GDPR Personal Data may only be exported or accessed by ESAB or its Subprocessors outside the EEA or Switzerland (the "International Transfer"):
(a) if the recipient, or the country or territory in which it Processes GDPR Personal Data, ensures an adequate level of protection for the rights and freedoms of Data Subjects in relation to the Processing of GDPR Personal Data as determined by the European Commission; or
(b) in accordance with Sec. 3.7.
3.7 Standard Contractual Clauses
(a) The Standard Contractual Clauses between Client, Affiliate and ESAB as set out in Exhibit F apply where there is an International Transfer to or within a country or territory that does not ensure an adequate level of protection for the rights and freedoms of Data Subjects in relation to the processing of GDPR Personal Data as determined by the European Commission.
(b) For Subprocessors based outside the EEA and outside any country for which the European Commission has published an adequacy decision (the "Third Country Subprocessors"), ESAB will enter into an unchanged version of the Standard Contractual Clauses reflecting what has been agreed in Exhibit F with Third Country Subprocessors prior to the Subprocessor’s processing of GDPR Personal Data. The Client hereby accedes to the Standard Contractual Clauses between ESAB and the Third Country Subprocessor. ESAB will enforce the Standard Contractual Clauses against the Subprocessor on behalf of the Client if a direct enforcement right is not available under EU Data Protection Laws.
(c) If there is an inconsistency between any of the provisions of this DPA and the provisions of the Standard Contractual Clauses, the provisions of the Standard Contractual Clauses shall prevail.
4. ACCESS REQUESTS AND DATA SUBJECT RIGHTS
4.1 Unless otherwise required by applicable law, ESAB shall promptly notify the Client of any request received by ESAB or any Subprocessor from a Data Subject in respect of the GDPR Personal Data of the Data Subject and shall not respond to the Data Subject.
4.2 Where applicable by virtue of Article 28(3)(e) of the GDPR,
taking into account the nature of the Processing, ESAB shall assist the
Client by appropriate technical and organisational measures, insofar as
this is possible, for the fulfilment of the Client’s obligation to
respond to requests for exercising Data Subject rights laid down in the
GDPR.
5. DATA PROTECTION IMPACT ASSESSMENT AND PRIOR CONSULTATION
5.1 Where applicable by virtue of Article 28(3)(f) of the GDPR, ESAB shall provide reasonable assistance to the Client with any data protection impact assessments which are referred to in Article 35 of the GDPR and with any prior consultations to any Supervisory Authority of the Client which are referred to in Article 36 of the GDPR, in each case solely in relation to Processing of GDPR Personal Data and taking into account the nature of the Processing and information available to ESAB.
6. ADDITIONAL LIABILITY CLAUSES
6.1 Client and ESAB shall be each liable for damages of affected Data Subjects according to Art. 82 GDPR (external liability). Sec. 6.1 shall have no effect as regards the external liability.
6.2 Either Party shall be entitled to claim back from the other
Party, ESAB or Client, that part of the compensation, corresponding to
the other Party’s part of responsibility for the damage (internal
liability).
Exhibit E – CCPA Data Processing
Addendum
BACKGROUND
This CCPA Data Processing Addendum (“CCPA Addendum”) is supplemental to and subject to the terms and conditions of the Agreement and the DPA and shall apply to ESAB’s Processing of CCPA Personal Information on Client’s behalf. In the event of a conflict between any of the provisions of this CCPA Addendum and the provisions of the Agreement or the DPA, the provisions of this CCPA Addendum shall prevail.
1. INTERPRETATION
1.1 Unless otherwise set out below, each capitalised term in this CCPA Addendum shall have the meaning set out in the Agreement and the DPA.
2. CCPA PERSONAL INFORMATION PROCESSING
2.1 Applicability to CCPA Personal Information. This Exhibit F to the DPA shall apply to the Processing of CCPA Personal Information by or on behalf of ESAB.
2.2 Role of the Parties. For the purposes of the CCPA, the Parties acknowledge and agree that ESAB will act as a “Service Provider” as such term is defined in the CCPA, in its performance of its obligations pursuant to the Agreement. The Client will act as a single point of contact for its Affiliates with respect to CCPA compliance, such that if ESAB gives notice to the Client, such information or notice will be deemed received by the Client’s Affiliates. The Parties acknowledge and agree that any claims in connection with the CCPA under this DPA will be brought by the Client, whether acting for itself or on behalf of an Affiliate.
2.3 Instructions for CCPA Personal Information
Processing
ESAB shall not retain, use or disclose CCPA Personal Information for any
purpose other than for the specific purpose of providing the Services,
or as otherwise permitted by the CCPA, including retaining, using, or
disclosing CCPA Personal Information for a commercial purpose other than
providing the Services.
Processing CCPA Personal Information outside the scope of this DPA or the Agreement will require prior written agreement between the Client and ESAB on additional Instructions for Processing. In addition to any other fees set forth in the Agreement, ESAB shall have the right to charge the Client commercially reasonable rates for complying with the Client’s Instructions relating to the Processing of CCPA Personal Information.
2.4 Required consents and notices
Where required by applicable laws, the Client will ensure that it has obtained/will obtain all necessary consents, and has given/will give all necessary notices, for the Processing of CCPA Personal Information by ESAB in accordance with the Agreement.
3. TRANSFER OF CCPA PERSONAL INFORMATION
3.1 No Sale of CCPA Personal Information
The ESAB shall not Sell any CCPA Personal Information to another business or third party without the prior written consent of the Client unless and to the extent that such Sale is made to a Subprocessor for a business purpose, provided that ESAB has entered into a written agreement with Subprocessor which imposes the same obligations on the Subprocessor with regard to their Processing of CCPA Personal Information as are imposed on the ESAB under this DPA and the Agreement. Notwithstanding the foregoing, nothing in this DPA or the Agreement shall restrict the ESAB’s ability to disclose CCPA Personal Information to comply with applicable laws or as otherwise permitted by the CCPA.
3.2 Subprocessors
ESAB may engage any Subprocessors for the Processing of CCPA Personal
Information that commit in writing for the benefit of Client to comply
with the same data protection obligations as the applicable obligations
under this DPA, including but not limited to any applicable minimum
technical and organizational security measures set forth in this DPA.
The agreement with the Subprocessor must provide at least the level of
data protection required by the applicable sections of this DPA. Where
the Subprocessor fails to fulfil such data protection obligations, ESAB
shall remain fully liable to Client for the performance of the
Subprocessor’s obligations. Client acknowledges and agrees that the
following Subprocessors may Process CCPA Personal Information on behalf
of Client and its Affiliates:
For Crashlytics Services:
For all kinds of services:
4. CONSUMER RIGHTS REQUESTS
4.1 CCPA Consumer Rights Requests
Unless otherwise provided by applicable law, ESAB shall promptly
notify the Client of any request received by ESAB or any Subprocessor
from a CCPA Consumer in respect of the CCPA Personal Information of the
CCPA Consumer, and shall not respond to the CCPA Consumer.
Exhibit F – Standard Contractual
Clauses
Standard Contractual Clauses (processors)
For the purposes of Article 26(2) of Directive 95/46/EC for the
transfer of personal data to processors established in third countries
which do not ensure an adequate level of data protection
Name of the data exporting organisation: Client and Affiliates ("data
exporter")
And
Name of the data importing organisation: ESAB ("data importer")
each a “party”; together “the parties”,
HAVE AGREED, as of the date of the last signature below, on the following Contractual Clauses (the Clauses) in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals for the transfer by the data exporter to the data importer of the personal data specified in Appendix 1.
Clause 1
Definitions
For the purposes of the Clauses:
(a) 'personal data', 'special categories of data',
'process/processing', 'controller', 'processor', 'data subject' and
'supervisory authority' shall have the same meaning as in Directive
95/46/EC of the European Parliament and of the Council of 24 October
1995 on the protection of individuals with regard to the processing of
personal data and on the free movement of such data;
(b) 'the data exporter' means the controller who transfers the
personal data;
(c) 'the data importer' means the processor who agrees to receive
from the data exporter personal data intended for processing on his
behalf after the transfer in accordance with his instructions and the
terms of the Clauses and who is not subject to a third country's system
ensuring adequate protection within the meaning of Article 25(1) of
Directive 95/46/EC;
(d) 'the subprocessor' means any processor engaged by the data
importer or by any other subprocessor of the data importer who agrees to
receive from the data importer or from any other subprocessor of the
data importer personal data exclusively intended for processing
activities to be carried out on behalf of the data exporter after the
transfer in accordance with his instructions, the terms of the Clauses
and the terms of the written subcontract;
(e) 'the applicable data protection law' means the legislation
protecting the fundamental rights and freedoms of individuals and, in
particular, their right to privacy with respect to the processing of
personal data applicable to a data controller in the Member State in
which the data exporter is established;
(f) 'technical and organisational security measures' means those
measures aimed at protecting personal data against accidental or
unlawful destruction or accidental loss, alteration, unauthorized
disclosure or access, in particular where the processing involves the
transmission of data over a network, and against all other unlawful
forms of processing.
Clause 2
Details of the transfer
The details of the transfer and in particular the special categories of personal data where applicable are specified in Appendix 1 which forms an integral part of the Clauses.
Clause 3
Third-party beneficiary clause
1. The data subject can enforce against the data exporter this
Clause, Clause 4(b) to (i), Clause 5(a) to (e), and (g) to (j), Clause
6(1) and (2), Clause 7, Clause 8(2), and Clauses 9 to 12 as third-party
beneficiary.
2. The data subject can enforce against the data importer this
Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and
Clauses 9 to 12, in cases where the data exporter has factually
disappeared or has ceased to exist in law unless any successor entity
has assumed the entire legal obligations of the data exporter by
contract or by operation of law, as a result of which it takes on the
rights and obligations of the data exporter, in which case the data
subject can enforce them against such entity.
3. The data subject can enforce against the subprocessor this Clause,
Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses
9 to 12, in cases where both the data exporter and the data importer
have factually disappeared or ceased to exist in law or have become
insolvent, unless any successor entity has assumed the entire legal
obligations of the data exporter by contract or by operation of law as a
result of which it takes on the rights and obligations of the data
exporter, in which case the data subject can enforce them against such
entity. Such third-party liability of the subprocessor shall be limited
to its own processing operations under the Clauses.
4. The parties do not object to a data subject being represented by
an association or other body if the data subject so expressly wishes and
if permitted by national law.
Clause 4
Obligations of the data exporter
The data exporter agrees and warrants:
(a) that the processing, including the transfer itself, of the
personal data has been and will continue to be carried out in accordance
with the relevant provisions of the applicable data protection law (and,
where applicable, has been notified to the relevant authorities of the
Member State where the data exporter is established) and does not
violate the relevant provisions of that State;
(b) that it has instructed and throughout the duration of the
personal data processing services will instruct the data importer to
process the personal data transferred only on the data exporter's behalf
and in accordance with the applicable data protection law and the
Clauses;
(c) that the data importer will provide sufficient guarantees in
respect of the technical and organisational security measures specified
in Appendix 2 to this contract;
(d) that after assessment of the requirements of the applicable data
protection law, the security measures are appropriate to protect
personal data against accidental or unlawful destruction or accidental
loss, alteration, unauthorized disclosure or access, in particular where
the processing involves the transmission of data over a network, and
against all other unlawful forms of processing, and that these measures
ensure a level of security appropriate to the risks presented by the
processing and the nature of the data to be protected having regard to
the state of the art and the cost of their implementation;
(e) that it will ensure compliance with the security measures;
(f) that, if the transfer involves special categories of data, the
data subject has been informed or will be informed before, or as soon as
possible after, the transfer that its data could be transmitted to a
third country not providing adequate protection within the meaning of
Directive 95/46/EC;
(g) to forward any notification received from the data importer or
any subprocessor pursuant to Clause 5(b) and Clause 8(3) to the data
protection supervisory authority if the data exporter decides to
continue the transfer or to lift the suspension;
(h) to make available to the data subjects upon request a copy of the
Clauses, with the exception of Appendix 2, and a summary description of
the security measures, as well as a copy of any contract for
subprocessing services which has to be made in accordance with the
Clauses, unless the Clauses or the contract contain commercial
information, in which case it may remove such commercial
information;
(i) that, in the event of subprocessing, the processing activity is
carried out in accordance with Clause 11 by a subprocessor providing at
least the same level of protection for the personal data and the rights
of data subject as the data importer under the Clauses; and
(j) that it will ensure compliance with Clause 4(a) to (i).
Clause 5
Obligations of the data importer
The data importer agrees and warrants:
(a) to process the personal data only on behalf of the data exporter
and in compliance with its instructions and the Clauses; if it cannot
provide such compliance for whatever reasons, it agrees to inform
promptly the data exporter of its inability to comply, in which case the
data exporter is entitled to suspend the transfer of data and/or
terminate the contract;
(b) that it has no reason to believe that the legislation applicable
to it prevents it from fulfilling the instructions received from the
data exporter and its obligations under the contract and that in the
event of a change in this legislation which is likely to have a
substantial adverse effect on the warranties and obligations provided by
the Clauses, it will promptly notify the change to the data exporter as
soon as it is aware, in which case the data exporter is entitled to
suspend the transfer of data and/or terminate the contract;
(c) that it has implemented the technical and organisational security
measures specified in Appendix 2 before processing the personal data
transferred;
(d) that it will promptly notify the data exporter about:
(i) any legally binding request for disclosure of the personal data
by a law enforcement authority unless otherwise prohibited, such as a
prohibition under criminal law to preserve the confidentiality of a law
enforcement investigation,
(ii) any accidental or unauthorized access, and
(iii) any request received directly from the data subjects without
responding to that request, unless it has been otherwise authorized to
do so;
(e) to deal promptly and properly with all inquiries from the data
exporter relating to its processing of the personal data subject to the
transfer and to abide by the advice of the supervisory authority with
regard to the processing of the data transferred;
(f) at the request of the data exporter to submit its data processing
facilities for audit of the processing activities covered by the Clauses
which shall be carried out by the data exporter or an inspection body
composed of independent members and in possession of the required
professional qualifications bound by a duty of confidentiality, selected
by the data exporter, where applicable, in agreement with the
supervisory authority;
(g) to make available to the data subject upon request a copy of the
Clauses, or any existing contract for subprocessing, unless the Clauses
or contract contain commercial information, in which case it may remove
such commercial information, with the exception of Appendix 2 which
shall be replaced by a summary description of the security measures in
those cases where the data subject is unable to obtain a copy from the
data exporter;
(h) that, in the event of subprocessing, it has previously informed
the data exporter and obtained its prior written consent;
(i) that the processing services by the subprocessor will be carried
out in accordance with Clause 11;
(j) to send promptly a copy of any subprocessor agreement it
concludes under the Clauses to the data exporter.
Clause 6
Liability
1. The parties agree that any data subject, who has suffered
damage as a result of any breach of the obligations referred to in
Clause 3 or in Clause 11 by any party or subprocessor is entitled to
receive compensation from the data exporter for the damage
suffered.
2. If a data subject is not able to bring a claim for compensation in
accordance with paragraph 1 against the data exporter, arising out of a
breach by the data importer or his subprocessor of any of their
obligations referred to in Clause 3 or in Clause 11, because the data
exporter has factually disappeared or ceased to exist in law or has
become insolvent, the data importer agrees that the data subject may
issue a claim against the data importer as if it were the data exporter,
unless any successor entity has assumed the entire legal obligations of
the data exporter by contract of by operation of law, in which case the
data subject can enforce its rights against such entity.
The data importer may not rely on a breach by a subprocessor of its
obligations in order to avoid its own liabilities.
3. If a data subject is not able to bring a claim against the data
exporter or the data importer referred to in paragraphs 1 and 2, arising
out of a breach by the subprocessor of any of their obligations referred
to in Clause 3 or in Clause 11 because both the data exporter and the
data importer have factually disappeared or ceased to exist in law or
have become insolvent, the subprocessor agrees that the data subject may
issue a claim against the data subprocessor with regard to its own
processing operations under the Clauses as if it were the data exporter
or the data importer, unless any successor entity has assumed the entire
legal obligations of the data exporter or data importer by contract or
by operation of law, in which case the data subject can enforce its
rights against such entity. The liability of the subprocessor shall be
limited to its own processing operations under the Clauses.
Clause 7
Mediation and jurisdiction
1. The data importer agrees that if the data subject invokes
against it third-party beneficiary rights and/or claims compensation for
damages under the Clauses, the data importer will accept the decision of
the data subject:
(a) to refer the dispute to mediation, by an independent person or,
where applicable, by the supervisory authority;
(b) to refer the dispute to the courts in the Member State in which
the data exporter is established.
2. The parties agree that the choice made by the data subject will
not prejudice its substantive or procedural rights to seek remedies in
accordance with other provisions of national or international law.
Clause 8
Cooperation with supervisory authorities
1. The data exporter agrees to deposit a copy of this contract
with the supervisory authority if it so requests or if such deposit is
required under the applicable data protection law.
2. The parties agree that the supervisory authority has the right to
conduct an audit of the data importer, and of any subprocessor, which
has the same scope and is subject to the same conditions as would apply
to an audit of the data exporter under the applicable data protection
law.
3. The data importer shall promptly inform the data exporter about
the existence of legislation applicable to it or any subprocessor
preventing the conduct of an audit of the data importer, or any
subprocessor, pursuant to paragraph 2. In such a case the data exporter
shall be entitled to take the measures foreseen in Clause 5 (b).
Clause 9
Governing Law
The Clauses shall be governed by the law of the Member State in which the data exporter is established, namely the Member State in which the applicable data exporter’s dependent office is located.
Clause 10
Variation of the contract
The parties undertake not to vary or modify the Clauses. This does not preclude the parties from adding clauses on business related issues where required as long as they do not contradict the Clause.
Clause 11
Subprocessing
1. The data importer shall not subcontract any of its processing
operations performed on behalf of the data exporter under the Clauses
without the prior written consent of the data exporter. Where the data
importer subcontracts its obligations under the Clauses, with the
consent of the data exporter, it shall do so only by way of a written
agreement with the subprocessor which imposes the same obligations on
the subprocessor as are imposed on the data importer under the Clauses.
Where the subprocessor fails to fulfil its data protection obligations
under such written agreement the data importer shall remain fully liable
to the data exporter for the performance of the subprocessor's
obligations under such agreement.
2. The prior written contract between the data importer and the
subprocessor shall also provide for a third-party beneficiary clause as
laid down in Clause 3 for cases where the data subject is not able to
bring the claim for compensation referred to in
paragraph 1 of Clause 6 against the data exporter or the data importer
because they have factually disappeared or have ceased to exist in law
or have become insolvent and no successor entity has assumed the entire
legal obligations of the data exporter or data importer by contract or
by operation of law. Such third-party liability of the subprocessor
shall be limited to its own processing operations under the
Clauses.
3. The provisions relating to data protection aspects for
subprocessing of the contract referred to in paragraph 1 shall be
governed by the law of the Member State in which the data exporter is
established, namely the Member State in which the applicable data
exporter’s dependent office is located.
4. The data exporter shall keep a list of subprocessing agreements
concluded under the Clauses and notified by the data importer pursuant
to Clause 5 (j), which shall be updated at least once a year. The list
shall be available to the data exporter's data protection supervisory
authority.
Clause 12
Obligation after the termination of personal data processing services
1. The parties agree that on the termination of the provision of
data processing services, the data importer and the subprocessor shall,
at the choice of the data exporter, return all the personal data
transferred and the copies thereof to the data exporter or shall destroy
all the personal data and certify to the data exporter that it has done
so, unless legislation imposed upon the data importer prevents it from
returning or destroying all or part of the personal data transferred. In
that case, the data importer warrants that it will guarantee the
confidentiality of the personal data transferred and will not actively
process the personal data transferred anymore.
2. The data importer and the subprocessor warrant that upon request
of the data exporter and/or of the supervisory authority, it will submit
its data processing facilities for an audit of the measures referred to
in paragraph 1.
APPENDIX 1 TO THE STANDARD CONTRACTUAL CLAUSES
This Appendix forms part of the Clauses and must be completed and
signed by the parties.
The Member States may complete or specify, according to their national
procedures, any additional necessary information to be contained in this
Appendix.
Data exporter
The data exporter is (please specify briefly your activities relevant to
the transfer):
Client and Affiliates
Data importer
The data importer is (please specify briefly activities relevant to the
transfer):
ESAB
Data subjects
The personal data transferred concern the following categories of data
subjects (please specify):
See Exhibit A to the DPA to which these Clauses are attached
Categories of data
The personal data transferred concern the following categories of data
(please specify):
See Exhibit A to the DPA to which these Clauses are attached
Special categories of data (if appropriate)
The personal data transferred concern the following special categories
of data (please specify):
See Exhibit A to the DPA to which these Clauses are attached
Processing operations
The personal data transferred will be subject to the following basic
processing activities (please specify):
See Exhibit A to the DPA to which these Clauses are attached
APPENDIX 2 TO THE STANDARD CONTRACTUAL CLAUSES
This Appendix forms part of the Clauses and must be completed and
signed by the parties.
Description of the technical and organisational security
measures implemented by the data importer in accordance with Clauses
4(d) and 5(c) (“TOMs”) (or document/legislation
attached):
See Exhibit B to the DPA to which these Clauses are attached