Skip to content

COREFLUX

TERMS OF SERVICE

I. GENERAL TERMS

1. Object and scope

These terms and conditions (the "Terms of Service") govern the use of our platform, which can be downloaded on the Site (“Platform”) and our products and services (collectively, the “Services”), either they are used by consumers or corporate clients (collectively, the “Customers”).

These Terms of Services are comprised of the following documents:

a) the Terms of Use, which are available here Terms of Use;

b) the Account and Purchase Terms, which are available here Account and Purchase Terms;

c) these Terms of Service, which include these general terms, the specific terms for consumers, the applicable product terms and the DPA, and any additional terms Coreflux presents when an order is placed.

PLEASE READ ALL DOCUMENTS CAREFULLY BEFORE ACCEPTING THESE TERMS OF SERVICE. WE REMIND YOU THAT IN ORDER TO USE OUR PLATFORM, PRODUCTS AND SERVICES, YOU MUST DECLARE AND CONFIRM YOUR ACCEPTANCE OF THESE TERMS OF SERVICE. IF YOU DO NOT AGREE WITH THESE TERMS OF SERVICE, DO NOT USE THE SERVICES.

THESE TERMS OF SERVICE TAKE EFFECT WHEN THE CUSTOMER ACCEPTS THEM (THE "EFFECTIVE DATE"), APPLY TO ANY ORDER UNDER THESE TERMS OF SERVICE, AND SUPERSEDE ANY END USER LICENSE AGREEMENT THAT ACCOMPANIES A PRODUCT.

IF YOU ACCEPT THESE TERMS OF SERVICE ON BEHALF OF A COMPANY OR LEGAL PERSON YOU REPRESENT, YOU REPRESENT AND WARRANT THAT YOU HAVE THE RIGHT, POWER, AND AUTHORITY TO ENTER INTO THESE TERMS OF SERVICE AND TO BIND THE COMPANY OR LEGAL PERSON YOU REPRESENT TO THEM. THE COMPANY OR LEGAL PERSON YOU REPRESENT MAY ASSUME CONTROL OVER THE USE OF OUR SERVICES. COREFLUX MAY INFORM YOU THAT YOUR ORGANIZATION HAS ASSUMED CONTROL OF THE SERVICES COVERED BY THE ORGANIZATION’S SUBSCRIPTION, BUT COREFLUX IS UNDER NO OBLIGATION TO PROVIDE SUCH NOTICE.

2. Information about Us

We hereby inform you that the contracting entity for the purposes of these Terms of Service is Coreflux, whose full social and contact details are set out below:

Company’s name: COREFLUX PORTUGAL, LIMITADA (hereinafter referred to as "Coreflux")

Identification and taxpayer number: 517225310

Address: Centro Empresarial Sarcol, Rua do Tronco, nº 375, Sala W0.3, 4465-275 São Mamede Infesta (Portugal).

3. How to contact us

If you would like to obtain information about or contact us, you can do it through the following channels:

Email: contact@coreflux.org

Telephone: [+351 221 180 460] (call with cost [according to your communications plan]) Office hours will be Monday through Friday from 9:00 a.m. to 6:00 p.m.

You can also contact us at our registered office at Centro Empresarial Sarcol, Rua do Tronco, nº 375, Sala W0.3, 4465-275 São Mamede Infesta (Portugal).

4. Definitions

a) "Authorized User" or “User” means Customer and, when applicable, Customer's employees, consultants, contractors, and agents (i) who are authorized by Customer to access and use the Services under the rights granted to Customer pursuant to these Terms of Service and (ii) for whom access to the Services has been purchased hereunder.

b) "Cloud Broker" means the services provided by Coreflux under these Terms of Service that are detailed on Coreflux's website available at: https://mqtt.coreflux.org/.

c) "Customer Data" means information, data, and other content, in any form or medium, that is submitted, posted, or otherwise transmitted by or on behalf of Customer or any other Authorized User through the Services.

d) "Documentation" means Coreflux's user manuals, handbooks, and guides relating to the Services provided by Coreflux to Customer either electronically or in hard copy, including through the Site and the Platform.

e)Assets” means each software offered by us aimed as medium into MQTT protocol.

f)Infrastructure” means Customer’s necessary infrastructure to access and use the Services, including the base software (operating system, database, communications, etc.), hardware and hosting and communication lines.

g)Intellectual Property Rights” means any and all patents, patent applications (including any patent rights granted upon any reissue, division, continuation or continuation-in-part applications now or hereafter filed), utility models (issued or pending), registered and unregistered design rights, copyright or related rights (including the copyright over any software code), sui generis rights over databases, trade mark rights, trade secrets and know-how, rights over topographies of semiconductor products, domain names and any other statutory intellectual property or industrial property rights, as well as applications for any such rights.

h)Markings” means any copyright, patent, trademark, trade name, logo or confidentiality notice, mark or legend affixed by Coreflux as part of the Services, the Documentation or any other information delivered by Coreflux to the Customer.

i)Release” means any enhancement or modification to the Services or a new module or supplementary module to function in conjunction with the Services which represents the next generation of the Services, and which Coreflux has decided, in its sole discretion, to make commercially available to the Customers. Releases shall not include any specialized or customized software developed for individual customers.

j)Term” means the period, as of Effective Date, during which (i) these Terms of Service are in force or, depending on the context, (ii) the period during which the Customer is authorized to use one of Cloreflux’s Services.

k)Update” means any minor modification to the Services, which Coreflux has decided, in its sole discretion, to make available without additional charge to the Customers.

l)Version” means each issue of each Release, excluding software of third parties and identified by the number located to the right of the decimal point in the relevant Release’s Services name (e.g. 3.1).

Any other capitalized term used in these Terms of Service that is not defined in this clause shall have the meaning ascribed to such term in first instance where such term is used in these Terms of Service.

5. About these Terms of Service

5.1. The following additional conditions shall also apply to your use of the Services: - Privacy Policy, which sets out the conditions under which we will process any personal data about you collected when you visit the Services; and - Cookie Policy, which contains information about the cookies of our Platforms.

5.2. The Terms of Service may be formalized solely in English and you may download them at any time by clicking on the button available at the beginning of the page.

5.3. These Terms of Service shall apply from midnight of the day mentioned in the end of this document.

5.4. This contract is concluded between us and shall remain in force until you cancel your account or stop using or products and services, whichever happens later, and you may not assign to third parties any rights or obligations arising therefrom, nor assign your contractual position thereunder.

5.5. For all due purposes, we inform you that this contract will not be filed electronically by us, and we recommend that you keep a copy of these Terms of Service.

5.6. These Terms of Service and any additional document to which express reference is made herein constitute, together with the information provided to you during any relevant order, when applicable, the complete agreement between us, and there is no additional representation, warranty, affirmation, agreement or undertaking, express or implied, of any kind, type or form made by either party, except as explicitly set forth in these Terms of Service. These Terms of Service supersede each and every agreement, whether oral or written, between the parties in relation to the subject matter thereof.

5.7. If any of the provisions of these Terms of Service is declared invalid or unenforceable, such declaration shall not invalidate the remaining Terms of Service, which shall continue in full force and effect, unless another remedy is imposed by applicable law. If either party does not require compliance with any of the provisions of these Terms of Service at any given time, this does not imply and cannot be interpreted as a modification, in whole or in part, of the same, nor as a waiver of its right to demand compliance with them in the future.

5.8. Nothing in these Terms of Service shall create, or be deemed to create, a partnership or the relationship of principal and agent or employer and employee between the us and the Customer.

6. Use of our Services

6.1. We grant Customer the right to access and use the Services and to install and use the Platform and our Services included in its subscription, as further described in these Terms of Service. Coreflux reserves all rights not expressly granted to Customer in these Terms of Service. Except for the limited rights and licenses expressly granted under this these Terms of Service, nothing in these Terms of Service grants, by implication, waiver or otherwise, Customer or any third party any intellectual property rights or other right, title, or interest in or to Coreflux’s intellectual property rights.

6.2. Subject to these Terms of Service, we also grant a non-exclusive, non-sublicensable, non-transferable license for Authorized Users to use the Documentation during the Term solely for Customer’s internal business purposes in connection with its use of the Services.

6.3. You are solely responsible for the content of all Customer Data. You will secure and maintain all rights in Customer Data necessary for us to provide the Services to you without violating the rights of any third party. Coreflux does not and will not assume any obligations with respect to Customer Data or to your use of the Services other than as expressly set forth in these Terms of Service or as required by applicable law.

6.4. You are responsible and liable for all uses of the Services and Documentation resulting from access provided by you, directly or indirectly, whether such access or use is permitted by or in violation of these Terms of Service. Without limiting the generality of the foregoing, you are responsible for all acts and omissions of Authorized Users, and any act or omission by an Authorized User that would constitute a breach of these Terms of Service if taken by you will be deemed a breach of these Terms of Service by you. You shall use reasonable efforts to make all Authorized Users aware these Terms of Service as applicable to such Authorized User's use of the Services and shall cause Authorized Users to comply with such provisions.

6.5. You are responsible for keeping your passwords and access credentials associated with the Services confidential. You will not sell or transfer them to any other person or entity. You will promptly notify us about any unauthorized access to your passwords or access credentials.

6.6. The information found on the Services may contain technical inaccuracies or typographic errors. Coreflux reserves the right to make changes, corrections and improvements to the aforementioned information at any time and without notice. Although we take all reasonable steps to keep the information on the Services up to date, we make no representations or warranties, either implicit or explicit, unless you are a consumer, as to whether the content of the Services is accurate or complete or is up to date.

6.7. It is up to the User to obtain the necessary means to access the Services. Coreflux will not be held responsible for any failure produced on the Services due to incompatibility with the devices used by the User to access it (including, by way of example and without limitation, minimum storage and memory requirements at any given time). The content of the Services may only be used by the User for internal (private or professional) use.

6.8. Use of the Services for any illegal purpose, or any other purpose not expressly permitted in these Terms of Service, is strictly prohibited. Without limitation, you will not carry out any actions forbidden under clause 3 of the Terms of Use, which shall apply to all of Coreflux’s Services.

6.9. We do not warrant that the Services are secure or free of programming errors (bugs) or viruses. The User shall be responsible for configuring their platforms, equipment and computer programs to access the Services, as well as for obtaining their own antivirus software.

6.10. The right to access and use the Services and the Documentation is granted solely to Customer and not, by implication or otherwise, when applicable, to any affiliate of Customer or any other third party.

6.11. Customer shall exercise due and proper care in the access and use the Services and the Documentation, and shall engage such electronic and physical systems necessary in order to safeguard the Services and the Documentation. In the event of detecting an unauthorized access to the Services, Customer shall promptly notify Coreflux.

6.12. Coreflux may affix Markings to the Services and the Documentation. Customer shall not remove, erase, obscure or otherwise modify any Marking. Customer shall comply with Coreflux’s reasonable directions regarding the form and placement of the Marking on the Services and the Documentation and any other information delivered to Customer by Coreflux or any portion thereof.

6.13. Customer shall be the sole responsible (i) for all loss, damage or destruction of or to the Services and/or the Documentation, including such thereof which may arise from misuse, neglect, casualty losses or matters customarily considered to be force majeure; (ii) for having available all the Infrastructure and equipment and online connection necessary to establish a connection to the Internet, if applicable, and access to the Services and Documentation; and (iii) of having available and adequate access to the Internet, if applicable, and pay any connection fees associated with such access.

6.14. Customer represents and warrants to Coreflux that: (i) it will access and/or use the Services in strict compliance with all applicable laws, rules, regulations, orders and international and national treaties (including, without limitation, copyright laws, patent, trade secrets, data protection and privacy laws, etc.), and shall not access and/or use the Services and/or Documentation for any illegal purpose, or in violation of national or international law; and (ii) it shall have at all times adequate right and title over Customer’s Data to use and license it in accordance with these Terms of Service, and that any such use and license shall not infringe or violate any rights of any third party including without limitation any Intellectual Property rights or any other rights of any kind. Customer agrees to be solely responsible for regulatory and safety related requirements concerning Customer’s use of the Services.

6.15. The Services may permit access to third-party products. For purposes of these Terms of Service, such Third-Party Products are subject to their own terms and conditions presented to you for acceptance. If you do not agree to abide by the applicable terms for any such third-party products, then you should not install, access, or use such third-party products.

7. Aggregated Statistics

Notwithstanding anything to the contrary in these Terms of Service, Coreflux may monitor Customer's use of the Services and collect and compile data and information related to your and the Authorized Users' use of the Services to be used by Coreflux in an aggregated and anonymized manner, including to compile statistical and performance information related to the provision and operation of the Services ("Aggregated Statistics"). As between Coreflux and Customer, all right, title, and interest in Aggregated Statistics, and all Intellectual Property rights therein, belong to and are retained solely by Coreflux. You acknowledge that Coreflux may compile Aggregated Statistics based on Customer Data input into the Services. You agree that Coreflux may use Aggregated Statistics to improve and develop its services and in the manner permitted under applicable law; provided that such Aggregated Statistics do not identify Customer or Customer Proprietary Information.

8. Price and support

8.1. The prices of our Services are detailed on our website (https://coreflux.org/) and our Platform. In general, our Services are subject to the following prices and/or subscription fees (“Fees”):

(i) Platform: The Platform is offered to Customers free of charge.

(ii) Assets: Assets are paid once and give you the right to use them as described in these Terms of Service.

(iii) Cloud Broker: You pay this service on a periodic basis, with the application of a fixed price, as described on our website and Platform. Cloud Broker services may also be customized by us for our Customers. In that case, the applicable price will be described in an autonomous proposal made by us to the Customer.

8.2. If periodic Fees are due, it is Customer's responsibility to keep the Customer credit/debit card information up-to-date, and Coreflux is not liable for any fees, charges, costs, or any other damages in connection to or arising from Customer's use of the Customer credit/debit card under these Terms of Service.

8.3. If Customer fails to make any payment when due, without limiting Coreflux’s other rights and remedies: (i) Coreflux may charge interest on the past due amount at the rate of 1% per month calculated daily and compounded monthly or, if lower, the highest rate permitted under applicable law; (ii) Customer shall reimburse Coreflux for all reasonable costs incurred by Coreflux in collecting any late payments or interest, including attorneys’ fees, court costs, and collection agency fees; and (iii) if such failure continues for 30 days or more, Coreflux may suspend Customer’s and all other Authorized Users’ access to any portion or all of the Services until such amounts are paid in full.

8.4. Coreflux may grant you access to a 14-day free trial period of our Cloud Broker services, in which case Fees will be charged solely after the termination of the free trial period, provided that you have not cancelled your subscription until the end of the free trial period. We may also provide vouchers that will allow Customers to obtain our Services in special conditions. In those cases, the voucher conditions shall apply.

8.5. Coreflux will provide reasonable support services, either by telephone or in writing, at Coreflux’s discretion, to help Customer solve specific problems with access or use of the Services, but Customer acknowledges that it may not be possible for Coreflux to solve all problems or correct all errors in the Services.

8.6. You must pay any applicable value added, goods and services, sales, gross receipts, or other transaction taxes, fees, charges or surcharges, or any regulatory cost recovery surcharges or similar amounts that are owed under these Terms of Service and which we are permitted to collect from you under applicable law. You will be responsible for any applicable stamp taxes and for all other taxes that you are legally obligated to pay. We will be responsible for all taxes based on our net income, gross receipts taxes imposed in lieu of taxes on income or profits, or taxes on our property ownership.

8.7. If any taxes are required to be withheld on payments you make to us, you may deduct such taxes from the amount owed to us and pay them to the appropriate taxing authority; provided, however, that you promptly secure and deliver an official receipt for those withholdings and other documents we reasonably request to claim a foreign tax credit or refund. You must ensure that any taxes withheld are minimized to the extent possible under applicable law.

9. Suspension of the Services

9.1. Notwithstanding anything to the contrary in these Terms of Service, Coreflux may temporarily suspend Customer’s and any other Authorized User’s access to any portion or all of the Services if: (i) Coreflux reasonably determines (A) that there is a threat or attack on any of Coreflux’ Intellectual Property; (B) Customer’s or any other Authorized User’s use of the Coreflux’ Intellectual Property disrupts or poses a security risk to Coreflux’ Intellectual Property or to any other customer or vendor of Coreflux; (C) Customer or any other Authorized User is using Coreflux’ Intellectual Property for fraudulent or illegal activities; (ii) subject to applicable law, Customer has ceased to continue its business in the ordinary course, made an assignment for the benefit of creditors or similar disposition of its assets, or become the subject of any bankruptcy, reorganization, liquidation, dissolution, or similar proceeding; or (iii) Coreflux’s provision of the Services to Customer or any other Authorized User is prohibited by applicable law (“Services Suspension”).

9.2. Coreflux shall use commercially reasonable efforts to provide written notice of any Service Suspension to Customer and to provide updates regarding resumption of access to the Services following any Service Suspension. Provider shall use commercially reasonable efforts to resume providing access to the Services as soon as reasonably possible after the event giving rise to the Services Suspension is cured. To the maximum extent permitted by law, Coreflux will have no liability for any damage, liabilities, losses (including any loss of or profits), or any other consequences that Customer or any other Authorized User may incur as a result of a Service Suspension.

10. Liability

10.1. YOUR ACCESS TO AND USE OF THE SERVICES ARE AT YOUR OWN RISK. YOU UNDERSTAND AND AGREE THAT THE SERVICES ARE PROVIDED TO YOU ON AN “AS IS” AND “AS AVAILABLE” BASIS. WITHOUT LIMITING THE FOREGOING, TO THE MAXIMUM EXTENT PERMITTED UNDER APPLICABLE LAW, COREFLUX, ITS AFFILIATES, RELATED COMPANIES, OFFICERS, DIRECTORS, EMPLOYEES, AGENTS, REPRESENTATIVES, PARTNERS, AND LICENSORS (THE “COMPANY ENTITIES”) DISCLAIM ALL WARRANTIES AND CONDITIONS, WHETHER EXPRESS OR IMPLIED, OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. THE COMPANY ENTITIES MAKE NO WARRANTY OR REPRESENTATION AND DISCLAIM ALL RESPONSIBILITY AND LIABILITY FOR: (A) THE COMPLETENESS, ACCURACY, FUNCTIONALITY, AVAILABILITY, TIMELINESS, SECURITY, OR RELIABILITY OF THE SERVICES; (B) ANY HARM TO YOUR COMPUTER SYSTEM, LOSS OF DATA, OR OTHER HARM THAT RESULTS FROM YOUR ACCESS TO OR USE OF THE SERVICES; (C) THE OPERATION OR COMPATIBILITY WITH ANY OTHER APPLICATION, SYSTEM OR DEVICE; (D) WHETHER THE SERVICES WILL MEET YOUR REQUIREMENTS OR BE AVAILABLE ON AN UNINTERRUPTED, SECURE, OR ERROR-FREE BASIS; AND (E) THE DELETION OF, OR THE FAILURE TO STORE OR TRANSMIT, YOUR CONTENT, DATA, AND OTHER COMMUNICATIONS MAINTAINED BY THE SERVICES. NO ADVICE OR INFORMATION, WHETHER ORAL OR WRITTEN, OBTAINED FROM THE COMPANY ENTITIES OR THROUGH THE SERVICES, WILL CREATE ANY WARRANTY OR REPRESENTATION NOT EXPRESSLY MADE HEREIN.

10.2. LIMITATIONS OF LIABILITY. TO THE MAXIMUM EXTENT NOT PROHIBITED BY APPLICABLE LAW, YOU AGREE THAT IN NO EVENT WILL THE COMPANY ENTITIES BE LIABLE FOR ANY INDIRECT, SPECIAL, EXEMPLARY, INCIDENTAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES (OR ANY PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, LOSS OF USE, DATA OR PROFITS, BUSINESS INTERRUPTION, OR ANY OTHER DAMAGES OR LOSSES, ARISING OUT OF OR RELATED TO YOUR USE OR INABILITY TO USE THE SERVICES), HOWEVER CAUSED AND UNDER ANY THEORY OF LIABILITY, WHETHER UNDER THESE TERMS OR OTHERWISE ARISING IN ANY WAY IN CONNECTION WITH THE SERVICES OR THESE TERMS OF SERVICE AND WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) EVEN IF THE COMPANY ENTITIES HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. THE COMPANY ENTITIES’ AGGREGATE LIABILITY TO YOU FOR ANY DAMAGES FINALLY AWARDED SHALL NOT EXCEED THE GREATER OF (I) THE AMOUNT YOU PAID THE COMPANY ENTITIES, IF ANY, IN THE PAST SIX MONTHS FOR THE SERVICES GIVING RISE TO THE CLAIM, OR (II) 5,000 EUR OR THE EQUIVALENT AMOUNT IN THE CURRENCY OF YOUR JURISDICTION.

10.3. Nothing in these Terms of Service shall exclude or limit in any way our liability to you for death, damage to moral or physical integrity or damage to the health of persons; or for fraud, gross negligence or intentional misconduct, or in cases of negligence where a material obligation has been breached, a material obligation being such which forms a prerequisite to our delivery of our Services and on which you may reasonably rely, but only to the extent that the damages were directly caused by the breach and were foreseeable upon conclusion of these Terms of Service and to the extent that they are typical in the context of these Terms of Service.

10.4. By entering into these Terms of Service and accessing or using the Services, you agree that you shall defend, indemnify, and hold the Company Entities harmless from and against any reasonable claims, costs, damages, losses, liabilities, and expenses (including reasonable attorneys’ fees and costs) incurred by the Company Entities arising out of or in connection with: (a) your violation or breach of any term of these Terms of Service or any applicable law or regulation; (b) your violation of any rights of any third party; (c) your access to or use of the Services; or (d) your negligence or willful misconduct.

10.5. We will not be liable or responsible to you, nor be deemed to have defaulted under or breached these Terms of Service, for any failure or delay in fulfilling or performing any of our obligations under these Terms of Service or in operating the Services, when and to the extent such failure or delay is caused by or results from any events beyond Coreflux’s ability to control, including flood, fire, earthquake, epidemics, pandemics, quarantine restrictions, tsunami, explosion, war, invasion, hostilities (whether war is declared or not), terrorist threats or acts, riot or other civil unrest, government order, law, or action, embargoes or blockades, strikes, labor stoppages or slowdowns or other industrial disturbances, shortage of adequate or suitable Internet connectivity, telecommunication breakdown, shortage of adequate power or electricity, and other similar events beyond our control. Without limiting the generality of the foregoing, your access and use of the Services may also be interrupted from time to time as a result of periodic updating, maintenance, or repair of the Services or other actions Coreflux required to maintain the conformity of the Services.

11. Intellectual Property

11.1. Customer acknowledges and agrees that Coreflux is and shall remain the exclusive owner of the Services and of the Documentation. Customer further acknowledges and agrees that any and all right, title and interest in the Services and in the Documentation, including any Intellectual Property rights associated to or with the Services and the Documentation, and/or with any of its elements or components, is exclusively owned by Coreflux. No right, title or interest in or to any Marking of Coreflux is granted under these Terms of Service. Customer shall keep the Services and the Documentation at all times free and clear of any and all claims, liens and encumbrances.

11.2. Any action which may be brought to obtain damages from or to prevent or cease any third party from infringement of any Intellectual Property rights owned by Coreflux shall be brought exclusively by Coreflux, in its sole discretion and at its sole cost and expense, using attorneys of its choice. All damages or other relief or remedies resulting therefrom shall correspond solely to Coreflux. Customer shall promptly notify Coreflux of any unauthorized use or infringement of Coreflux’s Intellectual Property rights that it is or becomes aware of.

11.3. Customer may not use any of Coreflux’s Intellectual Property rights for purposes other than those expressly foreseen in these Terms of Service, except as previously approved in writing by Coreflux.

11.4. As between you and us, you own all right, title, and interest, including all intellectual property rights, in and to Customer Data. Customer hereby grants to Coreflux a non-exclusive, non-transferable, royalty-free license to use and host the Customer’s Data for the purposes of the Agreement, as well as limited license to use Customer’s Data in the development, maintenance and improvement if Coreflux Services during the term of these Terms of Service. This license shall be sub-licensable to Coreflux’s affiliates and subcontractors.

11.5. If you or, when applicable, any of your employees, contractors, or agents sends or transmits any communications or materials to us by mail, email, telephone, or otherwise, suggesting or recommending changes to the Services, including without limitation, new features or functionality relating thereto, or any comments, questions, suggestions, or the like ("Feedback"), we are free to use such Feedback irrespective of any other obligation or limitation between you and us governing such Feedback. All Feedback is and will be treated as non-confidential. You hereby assign to us on your behalf, and shall cause your employees, contractors, and agents to assign, all right, title, and interest in, and we are free to use, without any attribution or compensation to you or any third party, any ideas, know-how, concepts, techniques, or other intellectual property rights contained in the Feedback, for any purpose whatsoever, although we are not required to use any Feedback.

11.6. If any part of the Services and/or Documentation is or in Coreflux’s opinion is likely to become, the subject of a claim, suit or proceeding of infringement of third party rights, Coreflux may (a) replace or modify the allegedly infringing portions of the Services and/or Documentation, at no cost to Customer, to make the Services and/or Documentation non-infringing, provided that the same functions are provided by the replacement to or modification of the Services and/or the Documentation; or (b) if the right to continue to access and use the Services and/or the Documentation cannot be procured for Customer at a reasonable cost, in the discretion of Coreflux, or the Services and/or Documentation cannot be replaced or modified, terminate the Services and/or Documentation in accordance with the terms applicable to each Service.

12. Proprietary Information and non-disclosure

12.1. For the purposes of these Terms of Service, “Coreflux’s Proprietary Information” shall be (i) all information related to the Services and Documentation, including any and all changes, enhancements, modifications, conversions, additions, adaptations, versions, updates, releases and derivative works thereof and (ii) any and all information related to the business and activities of Coreflux. For the avoidance of doubt, Coreflux’s Proprietary Information with respect to the Services and Documentation shall include each invention, discovery, development, improvement, system, design, screen, report, manual, program, code, listing, software, database, specification, routine, subroutine, whether or not protected or protectable by Intellectual Property rights, or whether or not such Proprietary Information has been disclosed.

12.2. Likewise, for the purposes of the Agreement, “Customer Proprietary Information” shall be the Customer’s Data, as well as any and all information related to the business and activities of the Customer.

12.3. Each of the Parties acknowledges that, in the course of performing their respective obligations under these Terms of Service, such Party shall receive Proprietary Information from the other Party, which such Party wishes to protect from public disclosure. The Party who receives Proprietary Information (“Receiving Party”) from the other Party hereunder (“Disclosing Party”), shall not use Disclosing Party’s Proprietary Information for any purpose other than those foreseen in these Terms of Service. Receiving Party shall not, without the prior written consent of Disclosing Party, copy or otherwise reproduce Disclosing Party’s Proprietary Information, or disclose, disseminate or otherwise communicate, in whole or in part, Disclosing Party’s Proprietary Information to any third party except insofar as permitted by these Terms of Service and to officers, directors, employees, consultants and advisors of Receiving Party who need to know the Proprietary Information and who will have undertaken in writing to treat the Proprietary Information in accordance with the provisions of this clause. Receiving Party further agrees that it shall safeguard Disclosing Party’s Proprietary Information from disclosure using efforts no less commensurate with those Receiving Party employs for protecting the confidentiality of its own Proprietary Information which it does not desire to disclose or disseminate, but in no event less than reasonable care. If Receiving Party becomes compelled by law or order of court or administrative body to disclose any Disclosing Party’s Proprietary Information, Receiving Party shall be entitled to disclose such Proprietary Information provided that: (i) Receiving Party provides Disclosing Party with prompt prior written notice of such requirements to allow Disclosing Party to take any necessary action to safeguard the Proprietary Information; and (ii) if required to do so, Receiving Party shall furnish only that portion of Disclosing Party’s Proprietary Information which is legally required to be disclosed and shall exercise its best efforts to obtain assurances that Proprietary Information will be treated in confidence.

12.4. Receiving Party agrees that Disclosing Party may be irreparably injured by a breach of this clause and that Disclosing Party may be entitled to seek any and all remedies available under the applicable Law, including but not limited to, claims for damages in the event of any breach of the provisions hereof.

13. Term and Termination

13.1. The term of these Terms of Service begins on the Effective Date. These Terms of Service will apply to each of the Services subscribed by the Customer until this subscription is fully terminated. You may terminate a subscription at any time during its Term; however, you must pay all amounts due for the remainder of the Term, and no refunds will be provided.

13.2. In addition to any other express termination right set forth in these Terms of Service:

a) Coreflux may terminate these Terms of Service for any reason upon thirty (30) days’ advance notice.

b) You may terminate these Terms of Service for any reason upon thirty (30) days’ advance notice.

c) Either party may terminate these Terms of Service, effective on written notice to the other party, if the other party materially breaches this Agreement, and such breach: (A) is incapable of cure; or (B) being capable of cure, remains uncured thirty (30) days after the non-breaching party provides the breaching party with written notice of such breach.

d) Subject to applicable law and to the extent permitted by it, either party may terminate this Agreement, effective immediately upon written notice to the other party, if the other party: (A) becomes insolvent or is generally unable to pay, or fails to pay, its debts as they become due; (B) files, or has filed against it, a petition for voluntary or involuntary bankruptcy or otherwise becomes subject, voluntarily or involuntarily, to any proceeding under any domestic or foreign bankruptcy or insolvency law; (C) makes or seeks to make a general assignment for the benefit of its creditors; or (D) applies for or has appointed a receiver, trustee, custodian, or similar agent appointed by order of any court of competent jurisdiction to take charge of or sell any material portion of its property or business.

13.3. Upon termination of these Terms of Service, Customer shall immediately cease to use Coreflux’s Services, Documentation and Intellectual Property. The provisions of these Terms of Service which by their nature are intended to survive the expiration or any earlier termination of these Terms of Service, particularly those related to liability, proprietary information and intellectual property, shall survive such expiration or earlier termination.

14. Changes and updates

Coreflux may, at its discretion, provide Updates to the Services to the Customer. Coreflux shall have no obligation to provide Customer with new Updates, Releases and Versions.

We may change, suspend, withdraw or restrict the availability of all or any part of our Services for business and operational reasons at any time without notice. Nothing in these terms shall affect any statutory rights that you cannot contractually agree to alter or waive and are legally always entitled to as a consumer under applicable laws.

Coreflux reserves the right to modify or cancel, partially or totally, these Terms of Service, which will be communicated to Customers through the means provided to us. In the event that the proposed modifications substantially alter these Terms of Service, your acceptance of them will be required for them to remain binding.

15. What laws apply

Please note that these Terms of Service and its subject matter are governed by Portuguese law, without prejudice to the application of any mandatory consumer law from the country where the consumer has his/her habitual residence.

II. SPECIFIC TERMS FOR CONSUMERS

16. Taxes

If you are a consumer, clauses 8.6 and 8.7 (relating to taxes) shall not apply to your use of the Services.

17. Liability

If you are a consumer:

a) Clause 10.1 is replaced with the following:

Without limiting the foregoing, Coreflux, its affiliates, related Companies, officers, directors, employees, agents, representatives, partners, and licensors (the “Company Entities”) disclaim all warranties and conditions, whether express or implied of merchantability of the Services. No advice or information, whether oral or written, obtained from the Company Entities or through the Services will create any warranty or representation not expressly made herein.

b) Clause 10.2 is replaced with the following:

LIMITATIONS OF LIABILITY. SUBJECT TO CLAUSE 10.3, THE COMPANY ENTITIES WILL NOT BE LIABLE FOR ANY INDIRECT, SPECIAL, EXEMPLARY, INCIDENTAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES (OR ANY PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, LOSS OF USE, DATA OR PROFITS, BUSINESS INTERRUPTION, OR ANY OTHER DAMAGES OR LOSSES, ARISING OUT OF OR RELATED TO YOUR USE OR INABILITY TO USE THE SERVICES), HOWEVER CAUSED AND UNDER ANY THEORY OF LIABILITY, WHETHER UNDER THESE TERMS OR OTHERWISE ARISING IN ANY WAY IN CONNECTION WITH THE SERVICES OR THESE TERMS AND WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) EVEN IF THE COMPANY ENTITIES HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. THE COMPANY ENTITIES’ AGGREGATE LIABILITY TO YOU FOR ANY DAMAGES FINALLY AWARDED SHALL NOT EXCEED THE GREATER OF (I) THE AMOUNT YOU PAID THE COMPANY ENTITIES, IF ANY, IN THE PAST SIX MONTHS FOR THE SERVICES GIVING RISE TO THE CLAIM, OR (II) 5,000 EUR OR THE EQUIVALENT AMOUNT IN THE CURRENCY OF YOUR JURISDICTION. THE FOREGOING LIMITATIONS WILL APPLY EVEN IF THE ABOVE STATED REMEDY FAILS OF ITS ESSENTIAL PURPOSE.

18. Termination

If you are a consumer, clause 13 is replaced with the following:

If you are a consumer and the Company terminates your right to use the Services, suspend your User account or terminate these Terms of Service, Coreflux will endeavor to provide you with reasonable notice before the termination and the termination will be effective at, when applicable, the end of the subscription period for which payment has already been made by you. However, if the termination is based on serious grounds, such as (but not limited to) your breach of these Terms of Service, the termination will be effective immediately at any time without prior notice.

You may terminate the Services at any time and for any reason by deleting your account and ceasing to access the Services. However, unless you terminate the Services due to our breach of these Terms of Service, you must pay all amounts due for the remainder of the Term, and no refunds will be provided.

19. Changes and Updates

If you are a consumer, clause 14 is replaced with the following:

We may change, modify, update, remove or enhance any functionality of the Services and/or modify the Terms of Service as described below from time to time in particular to reflect changing regulatory or legal requirements or to further develop the Services or Coreflux’s business model or for other operational and business-related reasons.

If we modify these Terms, we will update the “Last Update” date at the end of these Terms of Service. If we make changes that are material in any way, we will notify you reasonably in advance of the effective date of the modified Terms of Service to allow you to terminate before the effective date of the modified Terms of Service. Your continued access or use of the Services after the modifications have become effective will be deemed your acceptance of the modified Terms of Service. If you do not agree with the updated Terms of Service, you should terminate your use of the Services.

If the changes to the Terms of Service limit your use or prevent accessibility of the Services materially, you have the right to cancel your subscription within 30 calendar days from the receipt of the notice. In this event Coreflux shall reimburse you the price of the remaining period of the subscription, if applicable.

Changes and Updates of Services

Any changes to the Services that do not affect the availability of the services and that may merely correct errors and keep the conformity of the Services with the Terms of Service will be performed by Coreflux without further notice to you.

Any material changes to the Services used by you, being a consumer, which are made due to a reasonable cause, for example if necessary to adapt the Services to a new technical environment or to an increased number of users or where it is necessary for other material operational reasons, will be communicated to you. Coreflux will notify you two months prior to the performance of the material changes via email, explaining the content and envisaged timeframe to implement the changes. If these changes limit your use or prevent accessibility of the Services materially, you have the right to cancel your subscription 30 days after the begin of the performance of the material changes to the Services via email.

III. PRODUCTS TERMS

a) Coreflux Platform

Price: Coreflux Edge Platform is provided to Customers free of charge.

Term: You may use the Platform for an indefinite period of time, until you or us cancel your account. You may cancel your account at any time.

Functionality of the platform, including technical protection measures: [to be included].

Compatibility and interoperability: [to be included].

License: Coreflux is the owner or licensee of all intellectual and industrial property rights over the Platform, including the provision of the rights to the contents of the Platform, the sui generis right over the underlying databases, the graphic design and user interface of the Platforms (look & feel)), the underlying computer programs (including the source and object codes), as well as the different elements that make up the Platform (texts, graphics, photographs, videos, sound recordings, etc.) (henceforth, the "Contents"), as well as the distinctive signs incorporated on the Platforms (trademarks and trade names). These works, trademarks or Content are protected by the laws and treaties on intellectual and industrial property applicable throughout the world. The use of the Platform by the Customer does not imply the assignment of any intellectual and/or industrial property rights over the Platform, the Contents and/or the distinctive signs of Coreflux or third parties. We grant Customer the right to access and use and to install the Platform. Except in cases where expressly permitted or with the prior authorization of Coreflux, the Customer is expressly prohibited from reproducing, transforming, distributing, publicly communicating, making available, extracting and/or reusing the Platform, its Contents and/or Coreflux's distinctive signs.

Downloading, viewing and printing information from the Platform is only permitted for internal (private or professional) use. Any use of the Platform and Contents for commercial purposes without Coreflux’s written consent is prohibited. It is compulsory to store and reproduce any indications of intellectual property rights present on material downloaded from the Platform. Unless otherwise specified, any material on the Platforms must be understood as protected by authors rights and can only be used in accordance with these Terms of Service or as specified in the site texts or our contracts with you, except with Coreflux’s written consent. Coreflux does not assume any guarantee with regard to any violations of third-party rights by Users resulting from improper use of the material contained on the Platforms.

Termination: If we terminate your use of the Platform for any reason, you will not be entitled to any compensation due to such termination.

b) Coreflux Assets

Price: Each Coreflux Asset has the price established, at each moment, on our website and our Platform. Your license for the use of each Coreflux Asset is subject to a one-time Fee (i.e. once you pay the Fee applicable to the Asset, you will be able to use it for an indefinite period of time).

Term: You may use the Assets for an indefinite period of time, until you or us cancel such access to them. You may cancel your access to an Asset at any time.

Functionality of the platform, including technical protection measures: [to be included].

Compatibility and interoperability: [to be included].

License: Coreflux grants to you a personal, non-transferable and non-exclusive right to use each Asset you purchase you agree you will not copy the Asset except as necessary to use it on a single computer. Each asset is licensed, not sold. You acknowledge that no title to the intellectual property in the Software is transferred to you.

Termination: If we terminate your access to an Asset for any reason, you will not be entitled to any compensation due to such termination. If you are a consumer, your legal warranty rights shall apply.

c) Coreflux Cloud Broker

Price: You pay this service on a periodic basis, with the application of a fixed price, as described on our website and Platform. Cloud Broker services may also be customized by us for our Customers. In that case, the applicable price will be described in an autonomous proposal made by us to the Customer.

License: Subject to and conditioned on, when applicable, your payment of Fees and compliance with the Terms of Service, Coreflux hereby grants you a revocable, non-exclusive, non-transferable, non-sublicensable, limited right to access and use the Cloud Broker services during the Term solely for your internal business purposes by Authorized Users in accordance with the terms and conditions herein.

Functionality of the platform, including technical protection measures: [to be included].

Compatibility and interoperability: [to be included].

Term and termination: Use of Cloud Broker services is subscribed for the period identified on our website and Platform (“Initial Term”) and automatically renewed for equivalent periods (“Extensions”). Coreflux may change the price of Cloud Broker services from time to time and will inform you of any price changes with reasonable notice. Price changes will take effect at the beginning of the subscription period following the date of the price change. Subject to applicable law, by continuing to use the Cloud Broker services after the price change takes effect, you accept the new price. If you do not accept the price changes, you have the right to reject the change by cancelling the applicable subscription prior to the price change taking effect. Customer is entitled to cancel the subscription at any moment by [describe process for canceling], provided that, in no event, termination of the subscription before the date of expiration of its Initial Term or any of its subsequent Extensions shall give rise to a right to total or partial refund of the Fee already paid by the Customer. If Coreflux terminates your subscription for any reason allowed under these Terms of Service and such termination is not due to a Customer’s breach of the Terms of Service, Coreflux will reimburse Customer the proportional Fees corresponding to the period from the termination date until the date of expiration of the then current Initial Term or Extension, as applicable.

Configuration: Customers are responsible for their Cloud Broker configuration. Assistance with configuration changes will be provided upon request and may be subject to additional Fees. Updates to the Cloud Broker services will be communicated in advance and can be scheduled at a convenient time for the customer.

User Management: Customers are responsible for managing their Cloud Broker Authorized Users. Coreflux will provide guidance on user management upon request and may be subject to additional Fees. It's crucial for Customers to manage user permissions judiciously.

IV. Data Processing Agreement (DPA)

This Data Processing Agreement (“DPA”) applies to the extent that Coreflux (“Processor”) processes personal data on behalf of the Customer (“Controller”) within the context of the provision of Cloud Broker services (“Cloud Services”).

1. Definitions and Interpretation

The following terms shall have the following meanings:

a)Applicable Data Protection Laws” means, to the extent applicable, the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (“GDPR”), Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector (“e-Privacy Directive”), as well as any other laws and regulations of the European Union, the European Economic Area and their Member States,; and (ii) all privacy and data protection laws and regulations, worldwide (whether, national, state, provincial, local or otherwise), applicable to the Processing of Personal Data under these Terms of Service, as may be amended, extended, re-enacted, or interpreted from time-to-time.

b)Data Subject” means the identified or identifiable person to whom Personal Data relates;

c)Personal Data” means “any information relating to an identified or identifiable natural person (data subject); an identifiable person is one who can be identified, directly or indirectly, in particular by reference identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”, as defined under the GDPR and includes any equivalent definition in the Applicable Data Protection Laws;

d)Process, Processing or Processed” means “any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction”, as defined under the GDPR and includes any equivalent definition in the Applicable Data Protection Laws;

e)Standard Contractual Clauses or SCCs” means the standard contractual clauses for the transfer of personal data to third countries pursuant to the GDPR as adopted by the European Commission on 4 June 2021 (Commission Implementing Decision (EU) 2021/914).

2. Appointment

2.1. Coreflux is a Processor and you are a Controller (both as defined in the GDPR). The Controller will act as the sole Controller of the Personal Data and that the Processor renounces to any rights it may have to act as a data controller of the Personal Data held by the Controller.

2.2. The Parties have agreed that it may be necessary for the Processor to Process certain Personal Data on behalf of the Controller; in light of this Processing, the Parties have agreed to enter into this agreement to address the compliance obligations imposed upon the Controller pursuant to the Applicable Data Protection Laws and, in particular, pursuant to article 28 of the GDPR.

2.3. The Processor is appointed by the Controller to Process such Personal Data for and on behalf of the Controller as is necessary to provide the Cloud Services, and as may subsequently be agreed to by the Parties in writing. Any such subsequent agreement shall be subject to the provisions of this DPA.

2.4. The Controller shall Process Personal Data in accordance with the requirements of the Applicable Data Protection Laws. For the avoidance of doubt, the Controller’s instructions for the Processing of Personal Data shall comply with the Applicable Data Protection Laws and the Processor reserves the right to refuse such instructions if not in compliance with the Applicable Data Protection Laws. The Controller shall have sole responsibility for the accuracy, quality, and legality of Personal Data and the means by which it acquires the Personal Data. The Controller shall establish and have any and all required legal basis in order to collect, Process and transfer to Coreflux the Personal Data, and to authorize the Processing by Coreflux, and for Coreflux’s Processing activities on your behalf.

3. Data Processing

3.1. The Processor shall Process Personal Data in accordance with the details of Processing summarized in Schedule 1.

3.2. The Personal Data will be physically stored exclusively within a Member State of the European Union (EU) or within a Member State of the European Economic Area (EEA). Coreflux may require to Process Personal Data on a global basis where access needs to be provided to authorized personnel of Coreflux or authorized sub-processor as necessary for the performance of the Cloud Services, including to countries outside the European Economic Area (EEA). Customer hereby approves the transfer of Personal Data to the locations which may be identified in the sub-processor list and acknowledges that the basis of such transfer between jurisdictions is acceptable, provided that adequate safeguards are implemented by Coreflux.

3.3. If, as a Controller, you are situated in a country outside the EU and the EEA and your processing of Personal Data is not subject to the GDPR, the SCCs shall be incorporated in this DPA.

4. Technical and Organizational Measures

4.1. The Processor shall establish data security in accordance with the Applicable Data Protection Laws. The measures to be taken must guarantee a protection level appropriate to the risk concerning confidentiality, integrity, availability and resilience of the systems. The state of the art, implementation costs, the nature, scope and purposes of Processing, as well as the probability of occurrence and the severity of the risk to the rights and freedoms of natural persons, must be taken into account.

4.2. The Processor has laid down the technical and organizational measures, in Schedule 2 of this Agreement.

4.3. The technical and organizational measures are subject to technical progress and further development. In this respect, it is permissible for the Processor to implement alternative adequate measures from time to time. In so doing, the security level of the defined measures must not be reduced.

5. Data Subject Requests and Coreflux’s Assistance

5.1. The Processor may not, on its own authority, reply to any requests on the exercise of rights made by Data Subjects. The Processor shall, to the extent legally permitted, promptly notify the Controller if the Processor receives a request from a Data Subject to exercise the Data Subject's right of access, right to rectification, restriction of Processing, erasure (“right to be forgotten”), data portability, object to the Processing, or its right not to be subject to an automated individual decision making. If a Data Subject applies directly to the Processor with a request to exercise their right under Applicable Data Protection Laws, the Processor must forward this request to the Controller without delay. Coreflux will provide reasonable assistance to the Controller in fulfilling their obligation to respond to any such request.

5.2. Upon the Controller’s request, the Processor shall provide the Controller with reasonable cooperation and assistance needed to fulfill the Controller’s obligation under the GDPR to carry out a data protection impact assessment and, where necessary, a prior consultation related to the Controller’s use of the Processor’s Cloud Services, as well as reasonable assistance in the fulfillment of article 32 of the GDPR (by communicating to the Controller any shortcomings in its security measures of which the Processor becomes aware), to the extent that the Controller does not otherwise have access to the relevant information, and to the extent such information is available to the Processor.

6. Processor’s obligations

6.1. The Processor and any person acting under its authority shall process the Personal Data in accordance with the Processor’s Terms of Service and on documented instructions from the Controller, including with regard to transfers of Personal Data to a third country or an international organization, unless required to do so by European Union or Member State law to which the Processor is subject; in such a case, the Processor shall inform the Controller of that legal requirement before Processing, unless that law prohibits such information on important grounds of public interest.

6.2. The Processor ensures that its personnel (whether legal or natural) engaged in the Processing of Personal Data have committed themselves to maintaining the confidentiality of the Personal Data.

6.3. The Processor and the Controller shall cooperate, on request, with the supervisory authority in the performance of its tasks.

6.4. Coreflux shall inform you immediately if we receive any complaint, notice or communication that relates directly to the processing of the Personal Data on your behalf, unless prohibited from doing so by applicable law.

6.5. The Processor shall periodically monitor the internal processes and the technical and organizational measures to ensure that Processing is in accordance with the requirements of Applicable Data Protection Laws and the protection of the rights of the Data Subject.

7. Monitoring Rights of the Controller

7.1. Upon reasonable prior written notice of no less than thirty (30) days, and no more than once during any consecutive twelve (12)-month period, the Controller has the right, after consultation with the Processor, to carry out inspections or to have them carried out by an auditor to be designated in each individual case. These rights of the Controller shall not extend to facilities which are operated by sub-processors, sub-contractors or any third parties which the Processor may use to provide the Cloud Services. The Processor shall ensure that the Processing activities carried out by any sub-processors, sub-contractors or any third parties which the Processor may use to provide the Cloud Services meet the requirements laid down in this DPA and in Applicable Data Protection Laws.

7.2. The Processor shall ensure that the Controller is able to verify compliance with the obligations of the Processor in accordance with the Applicable Data Protection Laws. The Processor undertakes to provide to the Controller all reasonably necessary information on request and, in particular, to demonstrate the execution of the technical and organizational measures as mentioned in Schedule 2 within a reasonable timeframe.

7.3. Evidence of the implementation of any measures in this regard may also be presented in the form of up-to-date attestations, reports or extracts thereof from independent bodies (e.g. external auditors, internal audit, the data protection officer, the IT security department or quality auditors) or suitable certification by way of an IT security or data protection audit or by other measures provided by law.

8. Notification of Data Breaches by the Processor

The Processor shall assist the Controller in complying with the statutory obligations regarding the security and protection of Personal Data and shall make appropriate documentation in this regard.

This includes, in particular, the obligation to notify the Controller without undue delay after having become aware of any accidental, unauthorized, or unlawful destruction, loss, alteration, or disclosure of, or access to, Personal Data ("Data Breach"). Processor shall co-operate with the Controller and provide the Controller with any information which the Controller may reasonably request relating to the Data Breach.

9. Authority of the Controller to Issue Instructions

9.1. The Personal Data may only be handled under the terms of this DPA, in alignment with the Processor’s Terms of Service, and under the instructions issued by the Controller. Under the terms of this DPA, the Controller retains a general right of instruction as to the nature, scope and method of data Processing, which may be supplemented with individual instructions. Instructions are deemed to be provided by the Controller by way of selecting the desired product and/or the desired configuration of the Cloud Services settings or by way of instructions via electronically communicated text in writing or in text form.

9.2. The Processor must not use the data for any other purpose and is particularly forbidden to disclose the data to third parties. No copies or duplicates may be produced without the knowledge of the Controller. This does not apply to backup copies where these are required to assure proper data Processing, or to any data required to comply with statutory retention rules.

9.3. The Processor shall inform the Controller immediately if it believes that the instructions may cause infringement of Applicable Data Protection Laws. The Processor may then postpone the execution of the relevant instruction until it is confirmed or changed by the Controller’s representative.

10. Deletion and Return of Personal Data

10.1. Upon completion of the contractual work as laid down in the Terms of Service or when requested by the Controller, and within a reasonable time which shall not exceed thirty (30) calendar days, or any other timeline as specified in the product description, the Processor must delete, anonymize or return to the Controller all Personal Data in its possession and all work products including Personal Data.

10.2. Taking into account the nature of the Processing, the Processor shall assist the Controller by appropriate technical and organizational measures, insofar as possible, for the fulfillment of the Controller’s obligation to respond to a Data Subject’s request under the Applicable Data Protection Laws. The obligation to delete the Data Subject’s Personal Data shall, at all times, remain with the Controller. For the avoidance of doubt, the Processor will not undertake any data deletion efforts for and on behalf of the Controller other than as described the Terms of Service.

11. Sub-Processing

11.1. ‘Sub-Processing’, in the meaning of this DPA, does not include ancillary services, such as telecommunication services, postal/transport services. The Processor shall, however, be obliged to make appropriate and legally binding contractual arrangements and take appropriate inspection measures to ensure the data protection and the data security of the Controller's data, even in the case of outsourced ancillary services to sub-processors.

11.2. The Controller agrees to the commissioning of the following sub-processors on the condition of a contractual agreement in accordance with Applicable Data Protection Laws.

11.3. Outsourcing to further sub-processors or changing any existing sub-processors is permissible if the Processor informs the Controller of the identity of the sub-processor and the scope of the planned Sub-Processing in writing or in text form and the Controller does not object to the planned Sub-Processing in writing or in text form within ten (10) business days as from giving notice by the Processor. The Controller shall not unreasonably object to the planned Sub-Processing.

11.4. With respect to each sub-processor, the Processor will before the sub-processor first Processes any data of the Controller, carry out adequate due diligence to ensure that the sub-processor is capable of providing the level of protection for the Personal Data required by this DPA and shall ensure that the agreement between the Processor and the relevant sub-processor, is governed by a written contract including terms which offer at least the same level of protection for the Controller as those set out in this DPA and meets the requirements of article 28(3) of the GDPR.

SCHEDULE 1 : Description of Processing Operations

Subject Matter: Coreflux’s provision of the Cloud Services to Customer.

Duration of the Processing: The Term and its Extensions plus the period from the end of the Term and its Extensions until deletion of all Customer Data by Coreflux in accordance with this DPA.

Nature and Purpose of the Processing: Coreflux will process (store and delete) Customer Personal Data for the purposes of providing the Cloud Services to Customer (and, therefore, for the purpose of storing the Personal Data).

Categories of Data and Data Subjects: Data relating to Data Subjects (in particular, employees, suppliers and clients) provided to Coreflux via the Cloud Services, by (or at the direction of) Customer (in particular, identification, contact data and other data that Customer chooses to store in Coreflux’s cloud services).

SCHEDULE 2: Technical and Organizational Measures

The Processor warrants and undertakes in respect of all the Personal Data that is Processes on behalf of the Controller that, at all times, it maintains and shall continue to maintain appropriate and sufficient technical and organizational security measures to protect such Personal Data or information against accidental or unlawful destruction or accidental loss, damage, alteration, unauthorized disclosure or access, in particular where the Processing involves the transmission of data over a network, and against all other unlawful forms of Processing. Such measures shall include, but are not limited to, physical access control, logical access control (i.e. non-physical access control measures such as passwords), data access control, data transfer control, input control, availability measures, and data separation.

LAST UPDATE: [04/03/2024]