Terms and Conditions
General conditions of use of the Platform
- Preliminary provisions.
- These general conditions of use (the “General Conditions” or the “Agreement”) are intended to regulate the use by the user (the “User”) of the website incrementality.cassandra.app(the “Platform”) developed and managed by Cassandra Srl, based in Milan, Corso di Porta Romana, n. 6, REA MI-2675404, registered in the Milan Business Register, VAT and CF 1265410965, (“Cassandra” or the “Company”) as well as the purchase through the Platform of the license to use the software services as described below Article 3 (the “Services”).
- The status of User is acquired once the registration process on the Platform has been completed, in compliance with the procedure envisaged for this purpose and after having provided the information specifically requested by the Platform. The Company reserves the right not to accept, at its sole discretion, the registration requests submitted through the Platform, as well as to update and/or modify, from time to time, the requirements for joining the Platform and/or maintaining of the status of User, without any obligation to provide prior or subsequent information to the User.
- By accessing the Platform and using the Services, the User acknowledges having carefully read and fully understood the terms set out in these General Conditions and agrees to be bound by them. Failure to accept these General Conditions, as well as the additional documents referred to in article 1.5 below, will make it impossible to access the Platform and use the Services offered by the Company.
- Unless otherwise agreed in writing between the Company and the User, by accepting these General Conditions the User grants the Company the appointment as person responsible for the processing of personal data attached to this Agreement under the Appendix (the “Appointment as Person in Charge”).
- The provisions of the Appointment as Manager form an integral and substantial part of this Contract and are binding on the User and the Company.
- Unless otherwise indicated, the terms indicated in capital letters in the Appointment as Manager have the meaning ascribed to them in these General Conditions.
- Description of the Platform and Services.
- The Company has developed software which, through the use of artificial intelligence and marketing mix modelling, makes it possible to predict the amount of resources to be allocated for marketing activities and maximize the so-called “ROI” of the User provided in the form of Services through the Platform.
- The User can select one or more Services through the Platform, selecting the Services available from time to time on the same.
- Object and methods of providing the Services.
- Through its Platform and pursuant to the conditions of use of the license for use referred to in article 5 below, the Company offers the Services aimed at allowing the User to choose to use the following functions:
- descriptive dashboard containing a general (aggregate) analysis of the User’s business;
- descriptive dashboard containing a detailed analysis at the User’s marketing channel level;
- ability to create and analyze incremental experiments to launch new marketing channels or measure the impact of existing ones;
- ability to create and analyze model the machine learning for the statistical attribution of the User’s business performances (the “Machine Learning Model”);
- detailed analysis at the level of campaign typology through the Machine Learning Model;
- automated distribution of the User’s marketing budget via the Machine Learning Model;
- creation of a communication channel dedicated to the User through the application for mobile devices “Slack”.
- Support from the Cassandra team.
- Whitelabel the application with their url, favicon, logo and name.
as well as the additional Services and features from time to time advertised and / or made available through the Platform, also through Partners with whom Cassandra has entered into reporting, promotion, collaboration or other agreements.
- Through a specific command on the Platform, the User can select one or more Services and the Company can request payment of a recurring fee with reference to one or more Services made available through the Platform, under the conditions that will be specified from time to time at the inside of it.
- Duration and subscription period.
- These General Conditions will be effective between the User and the Company from the date of correct completion of the registration procedure on the Platform pursuant to article 7 below and, consequently, from the creation of the User account in the same (the “Account “).
- By accessing the Platform through the Account, using the appropriate command indicated on the Platform, the User will be able to select one or more Services as well as the related subscription period (the “Subscription Period”).
- Through the Platform and before subscribing to the Subscription Period, the User will be able to view on the Platform:
- the selected Services for which you are requesting a license for use pursuant to these General Conditions;
- the start and end date of the Subscription Period;
- the fee payable by the User to the Company in relation to the Subscription Period for the selected Services;
- information relating to the methods of payment of the fee.
- Following the selection via the Services Platform and the Subscription Period, the Company will send the User a summary document containing the main information in relation to the selected Services and the Subscription Period.
- At the end of the Subscription Period, the Contract will be renewed automatically for further periods of equal duration, under the same terms and conditions set out in this Contract, subject to withdrawal and/or termination of the Contract in accordance with these General Conditions.
- License to use the Services, limits and conditions of use of the license.
- Following the successful registration procedure and account creation through the Platform pursuant to article 7 below, for the entire duration of the Contract Cassandra guarantees the User a limited, personal, non-exclusive and non-transferable license for the use of Services selected by the User through the Platform (the “License”).
- Following the aforementioned registration procedure, the Company will send the User the credentials (user ID and password) necessary for the first access to the personal area of the Platform.
- The License is granted exclusively to the User and his employees and cannot be transferred to third parties without the written authorization of the Company.
- During the Subscription Period, the Provider may use the License, under the following conditions:
- the User must access the Platform via a web browser;
- the User must regularly pay the fee as displayed on the Platform at the time of signing up for the Subscription Period and as indicated in the appropriate section of the Account.
- The Services and related features may not be reproduced, duplicated, copied, sold, or otherwise exploited for any commercial purpose.
- The User may not use framing techniques to enclose any trademark, logo or other information owned by the Company (including images, text, page layout or shape) of the features or any content of the Platform without the express written consent of Cassandra .
- The User may not use any meta tag or any other similar tool that uses the company name and/or trademarks of the Company without Cassandra’s express written consent.
- It is forbidden for the User:
- introduce or make available software viruses or any other computer code, files or programs designed to interrupt, destroy or limit the functionality of the Services or any software, hardware or telecommunications equipment of the Company or other users of the Platform;
- interfere with or disrupt the provision of the Services and its features or the servers or networks connected to it;
- collect or store personal data of other users.
- Any unauthorized use or attempt to use the Services and related functionalities in an unauthorized manner and/or contrary to the provisions under the License may result in the immediate revocation of the License by the Company at its sole discretion.
- Fee and method of payment.
- The fee owed by the User to the Company for the Services is indicated via the Platform at the time of signing up for the Subscription Period as well as in the appropriate summary section of the Account (the “Fee”).
- The Fee does not include access to any features of the Platform and/or consultancy activities relating to the Services other than those indicated at the time of selection by the User of the Services and of the Subscription Period; any such further requests by the User must be the subject of a separate written agreement between the Company and the User.
- In order to make the payment of the Fee pursuant to this article, the User must pay the Fee within 7 (seven) days of receiving the payment link sent by the Company (the “Payment Link”).
- At the beginning of each Subscription Period, the Company will send the Payment Link relating to the Fee due by the User who will have to make the relative payment according to the instructions indicated in the Payment Link.
- Registration, Account and Security.
- Account Creation
- In order to be able to use the Services according to the Subscription Plan, the User must first register on the Platform by creating an Account in the dedicated section of the Platform, providing the personal information requested from time to time (name, first and last name of the legal representative, email , telephone number, etc.). Cassandra is not responsible for the truthfulness and correctness of the information provided by the User.
- In case of non-compliance by the User with the requirements for the creation of the Account referred to in this Agreement, the company will proceed at its sole discretion and without prior notice to cancel the User’s personal area and any related information at the same.
- In order to complete the registration procedure on the Platform and for the creation of the Account, the Company will send a so-called OTP (One Time Password) code to the email indicated by the User when creating the Account. The aforementioned OTP code must be entered by the User on the Platform in order to confirm the creation of the Account and correctly complete the registration procedure on the same.
- Management of the Subscription Period
- By accessing the Account and through the appropriate section of the same, the User can check the summary information of the Subscription Period subscribed (eg duration, Fee, Services) as well as use the Payment Link transmitted from time to time by the Company pursuant to these General Conditions .
- By accessing the Account and using the appropriate command, the User will be able to manage the Subscription Plan by eliminating it and, as a result, interrupt the possibility of continuing to use the Services. In this case, the Account will remain active and the provisions of these General Conditions relating to the use of the Platform will continue to be applicable to the User; the License shall be considered revoked and as a result the relative provisions of the General Conditions will no longer be applicable to the User.
- Suspension and Termination of Account and Termination of Service
- The Company reserves the right to suspend access to the Account and/or to cancel the same, interrupting the provision of the Services, at its discretion, without notice and with immediate effect:
- Account Creation
- if the User has provided untruthful information during registration for the creation of the Account or subsequently in the context of his relationship with the Company or with its Partners;
- if the User refuses to provide information relating to the Account and his identity, where appropriate on requests from the judicial authority, the public order authorities and any other authority entitled to do so under the applicable laws;
- in case of violation by the User of these General Conditions and / or of the contractual agreements in place with the Partners of the Company;
- in case of fraudulent or illegal use, even if only suspected, of the Platform and/or the Services;
- in order to protect the User and/or the Platform from identity theft and/or other fraudulent activity of the User and/or third parties;
- if so requested by the judicial authority, by the public order authorities and by any other authority entitled to do so under the applicable laws.
- In the event of suspension, the Company may decide – at its sole discretion and unquestionable judgment – whether to reactivate or permanently cancel the Account. To proceed with the reactivation of the suspended Account, the User must make an explicit request to the Company, by sending a specific communication as required pursuant to article 18 below.
- In case of cancellation of the Account, the latter will no longer be able to use the Services offered by Cassandra through the Platform and the License will be considered revoked.
- Inactive account.
- In the event that the Account is inactive (i.e. the User does not log in to the Platform and has not subscribed to a Subscription Plan) for a period of at least 6 (six) consecutive months, the Company will send the User an invitation to access your Account and, jointly, an information notice in relation to the deactivation and cancellation of your Account (the “Cancellation Notice”).
- If within 14 (fourteen) days of the transmission of the Cancellation Notice the User does not access the Account and/or does not send a reply communication to the Company, the Company may cancel the Account and withdraw from these General Conditions by sending written communication to ‘User.
- For questions relating to the functioning of the Platform and/or the Services, the User may contact the Company via the live chat on the Platform or by booking a 15-minute meeting with Cassandra using the appropriate form on the Platform.
- Obligations of the User in relation to the use of the Platform.
- The User undertakes to use the Platform in accordance with the practice and ordinary operations for these types of platforms, in compliance with the technical characteristics and functions of the Platform itself as well as, where appropriate, with the instructions and indications given from time to time from society.
- The User shall refrain from assuming any conduct or performing any operation which causes or may cause damage to the Platform or which may compromise its performance, availability and/or accessibility. In any case, the Platform must be used lawfully, without engaging in any fraudulent activity against the Company, other users and/or third parties.
- The User will be responsible for all economic-financial and business data and information relating to his/her activity entered on the Platform and required for its functioning.
- The Company will rely solely on the information received and entered into the Platform by the User. The User acknowledges and accepts that the Company will not have any responsibility for anything that may result from the non-truthfulness, completeness or accuracy of said information that cannot be ascertained prima facie, nor will it have any obligation to carry out an independent verification of the accuracy , completeness and truthfulness of the data and information received.
- Pursuant to these General Conditions and in order to use the Platform, the User may not:
- use the Platform to copy, store, host, transmit, send, use, publish or distribute any material consisting of (or related to) spyware, computer viruses, trojan horses, worms, keystroke loggers, rootkits or any other harmful software;
- conduct any systematic or automated data collection activity (including, without limitation, data scraping, data mining and data harvesting activities) on or in relation to the Platform without Cassandra’s express written consent;
- access or otherwise interact with the Platform through the use of robots, spiders or other automated means, except for indexing by search engines or with the explicit consent of Cassandra expressed in writing;
- circumvent, circumvent or attempt to circumvent any restrictions on accessing the Platform;
- alter, modify or distribute to third parties any material on the Platform.
- The User acknowledges and accepts that Cassandra will have the right to suspend or interrupt the use of the Platform and the Services at any time in the event of failure by the User to comply with the obligations listed above. The User will also bear, exclusively, any loss or damage that may arise from the failure to fulfill these obligations and undertakes to hold the Company harmless and indemnified in the event of any actions, claims, costs, losses or other consequences disadvantages resulting from such failure.
- Warranties and Limitations of Liability.
- The User represents and warrants that:
- use the Platform and the Services in accordance with the provisions of this Agreement, including the Annexes, as well as all applicable laws and regulations;
- have all necessary authorizations and powers (including as a representative acting on behalf of your company) in order to enter into this Agreement;
- not qualify as a “consumer” pursuant to art. 3, co. 1 (a) of Legislative Decree 6 September 2005, n. 206;
- access the Platform and use the Services for purposes related to the entrepreneurial, commercial, craft or professional activity carried out by the User.
- The User undertakes to use Cassandra, all its contents and the Services offered, in compliance with the law, morality, public order and in accordance with the provisions of these General Conditions. Likewise, the User undertakes to make appropriate use of the Services and/or the contents of the Platform, not using them for illegal activities, contrary to good faith or morality or criminal, and not to violate the rights of third parties.
- The User assumes full responsibility for the information and material provided. In particular, the latter undertakes not to transmit, introduce, distribute and/or make available to third parties any material and/or information (for example: data, messages, images, audio files, photographs, etc.) conflict with morality, public order, these General Conditions and, in general, with any applicable law and/or regulation. The User is prohibited from using the Platform and the Services provided for purposes other than those provided for in these General Conditions.
- The User agrees to indemnify and hold the Company harmless in relation to any injury, loss, damage, liability, cost, burden, expense, including legal expenses, and any claim and/or demand and/or action (whether of compensation and/or as compensation) that has been and/or may be advanced against the Company, in any location, by third parties, in relation to the violation by the User of the provisions referred to in this article, as well as in relation to the violation by the User of any obligation assumed by the same under these General Conditions.
- The User expressly acknowledges and accepts that:
- the Company does not guarantee that the Platform and/or the Services will meet the Client’s need and/or will be available in an uninterrupted, secure and error-free manner;
- the Company does not provide any guarantees regarding the quality of the features of the Platform and/or the Services;
- in no event shall the Company and/or its subcontractors and/or Partners be liable to You or any third party with respect to any tort, contract, negligence, strict liability in respect of any loss of profits, lost or damaged data , computer failure or malfunction, business interruption, or other special, indirect, incidental, or consequential damages of any kind arising out of the use or inability to use the Platform and/or the Services, even if the User has been advised the possibility of such loss or damage and whether such loss or damage was foreseeable;
- under no circumstances is the Company responsible and may not be held responsible for the correct functioning of the Payment Link and/or for any damage resulting from the User’s use of the Payment Link and/or the Platform or the Services in the event of a malfunction of the same due to third parties and / or Partners;
- the Company will have no responsibility for any unlawful use of the Platform and/or the Services by the User;
- shall undertake to indemnify and hold the Company harmless from any claim, damage, liability, cost and expense (including reasonable legal fees) deriving from the use of the Platform and/or Services by the User in violation of the provisions of this Agreement ;
- the Company may modify, limit or remove all or some features of the Platform and / or the Services for data security reasons, technical needs or due to changes in the applicable law, provided that the modification, limitation or removal is reasonable for the ‘User in consideration of the interests of the Company and the User. The Company will inform the User of such changes in good time and in writing by email;
- any content downloaded or otherwise obtained from or through the Services and/or Platform is obtained at the User’s sole and exclusive discretion and risk. The User is solely and exclusively responsible for any damage to the device through which he accesses the Platform or for the loss of data resulting from the use of the Services and/or the Platform;
- the Company and all its collaborators will in no case be liable for any damages of any kind and nature resulting from (i) the incorrect use of the Services and / or the Platform, (ii) the unauthorized access or alteration transmissions or data and / or information of the User, (iii) the statements or behavior of any third party.
- Nothing provided in these General Conditions will have the effect of limiting or excluding the liability of the Company in case of damages deriving from willful misconduct or gross negligence pursuant to art. 1229 of the civil code.
- Contracting with third parties through the Platform.
- The User acknowledges and accepts from now on that the Company will remain completely extraneous to any contractual or extra-contractual relationship with any third party who publishes announcements of any kind on the Platform.
- The Company therefore declines all responsibility for any damages of any nature deriving or arising from contractual and/or non-contractual obligations with such third parties.
- Updates and changes to the Platform and the Services.
- The Company reserves the right to unilaterally modify the Contract at any time by notifying the User by e-mail. The User is required to carefully read the communications sent by Cassandra in accordance with the foregoing.
- Cassandra also reserves the right to modify, update or cancel unilaterally and at any time (i) the information contained in the Platform without prior notice sent to the User (with reference, by way of example and not exhaustively, to the layout or design of the Platform , the conditions of access, registration and use of the Platform and the related functions, etc.), and (ii) the Services and the functions associated with them.
- Confidentiality obligations.
- All information exchanged between the User and the Company pursuant to this Contract will be considered strictly confidential (the “Confidential Information”) and will be used exclusively for the purposes of the Contract.
- The User and the Company undertake to:
- use the Confidential Information exclusively in relation to the execution of this Agreement;
- disclose Confidential Information only to its representatives who have a need to know, provided that such representatives are bound by non-disclosure obligations;
- protect Confidential Information from disclosure in the same manner and with the same duty of care that the User uses to protect its own Confidential Information of equal importance; And
- promptly return or destroy Confidential Information at the request of the other party, except for any portion that is required to be retained by law.
- The obligation of confidentiality referred to in this article does not apply, however, to elements and information that:
- are generally available or public; or
- the party received from a third party without any obligation of confidentiality; or
- were already known by the party, without any obligation of confidentiality, prior to when they were shared by the other party; or
- one party learned autonomously without using elements or information received from the other party.
- In the event that a party is required to disclose any of the Confidential Information by law, if permitted by applicable law, it shall promptly notify the other party of the terms and circumstances of such request.
- Intellectual Property Rights.
- The User acknowledges that the Platform and the computer programs connected to it contain confidential information and are protected by laws on intellectual and/or industrial property.
- The User also acknowledges that the Company is the legitimate owner and/or licensee of the Platform and the Services, as well as of the contents, information, documents, photographs, drawings, graphics, databases, software, logos, trademarks, trade names or other signs, present on the Platform. Except for the case in which it is expressly authorized by the Company or by third parties holding the corresponding rights, the User undertakes not to modify, dispose, reproduce, transform, modify, reverse engineer, distribute, assign or make available to third parties to any title and in any way (whether free of charge or against payment) the above elements.
- With the exception of the data provided by the User, all intellectual property rights relating to the contents of the License (including the texts, contents, photographs, videos, audios, interfaces, graphics and the selection and arrangement of the same as well as any information material that will be provided to the User) will be the exclusive property of the Company.
- By intellectual property rights we mean all rights of economic use, such as, for example: right of publication, reproduction, distribution, diffusion and communication by any means, in whole or in part, as well as the right of modification, processing, transformation, the right of loan and rental, the right of presentation in public.
- The User is granted a non-exclusive and non-transferable license to access and use the features of the Services within the limits and in the manner described in this Agreement. The Company does not transfer to the User, and the latter does not have the right to sub-license, any intellectual property rights of the Company.
- The User will not have the right to use any trademark and / or distinctive sign owned by the Company and / or any collaborator of the latter.
- The User authorizes the Company to publish the User’s brand and/or name on the Company’s website as well as on its promotional material for informational purposes only.
- Withdrawal and penalties.
- The User may withdraw from the Contract at any time by sending a written communication, sent by PEC or registered letter with return receipt to the Company address indicated on the Platform and / or by using the appropriate function in the Account in order to withdraw from the Subscription Plan.
- In case of withdrawal, the User will have access to the Services until the expiry of the relevant Subscription Period. The User will not be entitled to any refund of the Fees already paid and the Fee relating to the Subscription Period during which the User has exercised the right of withdrawal will also be due to the Company.
- At the end of the Subscription Period, the Account will remain accessible to the User for a further period of 6 months. During this additional period, the User will only have access to the history of the activities carried out on the Platform and will not be able to use the Services covered by the License.
- The Company will not grant refunds and/or credits for partially used term periods and/or in case of failure and/or partial use of the features of the Platform and/or the Services during the Subscription Period.
- The Company may terminate the Contract at any time pursuant to Article 1456 of the Italian Civil Code. civ., by sending a PEC or registered letter with return receipt to the Customer, and anticipated by mail, to the address indicated in the Account creation phase, in the case of;
- use of the Platform not compliant with the terms and conditions of this Agreement; and/or
- non-payment by the User of the Fee relating to the Subscription Period, according to the methods and times indicated in the Payment Link.
- Communications sent by the Company to the User and vice versa provided for and/or relating to these General Conditions must be sent to the following addresses:
- as regards communications addressed to the Company: Corso di Porta Romana no. 6, 20122 Milan,e-mail:email@example.com, pec: firstname.lastname@example.org ;
- for communications addressed to the User: residence address of the legal representative / registered office or alternative address indicated by the User when entering the data to create the Account.
- These General Conditions are governed by and must be interpreted according to Italian law.
- Disputes relating to the interpretation and execution of these General Conditions will be devolved to the jurisdiction of the Court of Rome.
- Referral to law.
- For anything not provided for in these General Conditions, the provisions of Italian law in force will be applicable.
- Processing of personal data.
- The Company undertakes to apply adequate technical and organizational measures to guarantee the punctual and exact fulfillment of all the obligations in force regarding privacy and the processing of personal data, in accordance with the provisions of EU Regulation 2016/679 on data protection (“GDPR ”), as well as any other applicable national legislation.
- The Company takes the form of an independent controller pursuant to Article 24 of the GDPR in relation to the processing of the User’s personal data, of natural persons acting in the name and on behalf of the latter and of the User’s employees; this treatment will take place in compliance with the provisions of the available Privacy Information here.
- Furthermore, in the context of the execution of the activities covered by this Contract and with reference to the data of the User’s customers, the latter acts in the role of data controller of personal data, while the Company acts in that of data processor, following the instructions given by the User and detailed in writing in the Appointment as Manager (attached to these General Conditions sub-Appendix), also undertaking to comply with the applicable provisions of the supervisory authority for the protection of personal data competent pro tempore in force.
- For the information in relation to the processing of the User’s personal data, please refer to the available Privacy Information here, which the User must read and which must be accepted by the latter for the purpose of providing the Services.
- Cassandra reserves the right to unilaterally modify these General Conditions at any time, also in order to adapt them to legislative changes or any changes to the Services themselves.
- The above changes, which can be consulted at the General Conditions link, will be notified to the User where they result in changes to the Services.
APPENDIX – APPOINTMENT OF DATA PROCESSING MANAGER
The User, as identified at the time of registration and creation of the Account on the Platform (the “Data Controller”)
Cassandra Ltd, with headquarters in Corso di Porta Romana, n. 6, 20122 Milan, fiscal code, VAT number, fiscal code and registration number in the Milan Company Register no. 1265410965 (hereinafter, the “Data Processor”)
(the Data Controller and the Data Processor, hereinafter also, individually, a “Party” and, jointly, the “Parties”).
- pursuant to Article 28 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 containing the European regulation for the protection of individuals with regard to the processing of personal data, as well as the free movement of such data ( General Data Protection Regulation, hereinafter “GDPR” and, jointly with the Legislative Decree of 30 June 2003, n. 196, as amended by the Legislative Decree of 10 August 2018, n. 101, the “Applicable Regulation”), the Data Controller, if processing is to be carried out on your behalf, you must only use processors who present sufficient guarantees to implement appropriate technical and organizational measures,in such a way that the treatment satisfies the requirements of the Applicable Law and guarantees the protection of the rights of the subject to whom the personal data refer (hereinafter, the “Data Subject”);
- this agreement (hereinafter the “DPA”), which forms an integral part of the General Conditions of the Platform, is aimed at regulating the appointment of the Data Processor and the relationship deriving from this DPA;
- by virtue of this DPA, which has an ancillary nature to the Contract, the Data Processor processes, directly and/or through his own specifically authorized personnel (hereinafter the “Authorised”), as well as through any other data processors (hereinafter the “Sub -Responsible”), the categories of personal data as better specified in Annex A (“Description of the treatment”) (the “Personal Data”);
- the Personal Data of the interested party are also processed by the Data Processor for the purposes described in Annex A (“Description of the processing”);
- the Data Processor must present sufficient guarantees to implement adequate technical and organizational measures so that the treatment meets the requirements of the Applicable Law and guarantees the protection of the rights of the interested party;
- all capitalized terms not otherwise defined in this DPA shall have the meanings given to them in the Agreement.
ALL THIS CONSIDERED, the Parties agree as follows
- Appointment of the Data Processor.
Pursuant to Article 28 of the GDPR, the Data Controller intends to entrust the processing of Personal Data to the Data Processor, as specified below.
- Obligations and Guarantees of the Data Processor.
The Data Processor undertakes to:
- process Personal Data exclusively for the purposes for which the data controller has been appointed;
- perform what is necessary for compliance with the Privacy Law and the GDPR, and with any other applicable legislation on the protection of personal data and make available to the Data Controller all the information necessary to demonstrate compliance with its obligations as data processor processing pursuant to Article 28 of the GDPR;
- process Personal Data only on the documented instruction of the Data Controller, unless required by law or regulation; in this case, the Data Processor informs the Data Controller about this legal obligation before the processing;
- keep a Register of the processing activities carried out under its responsibility pursuant to Article 30, par. 2, of the GDPR. In particular, this register must contain:
- the name and contact details of the Data Processor(s), of the Data Controller on whose behalf the Data Processor acts, of the Data Controller’s representative or of the Data Processor and, where applicable, of the Data Protection Officer of data (DPO);
- the categories of treatments carried out on behalf of the Data Controller;
- where applicable, transfers of Personal Data to a third country (by this meaning a non-EU country) or an international organization;
- possible, a general description of the technical and organizational security measures implemented in accordance with Article 32 of the GDPR;
- adopt the technical and organizational security measures of the Personal Data being processed in compliance with the provisions of the GDPR and supervise their application, in order to guarantee a level of security appropriate to the risk as required pursuant to Article 32 of the GDPR and minimize the risks of destruction or loss, unauthorized access or treatment that is not permitted or does not comply with the purposes of collecting the Personal Data, and inform, without unjustified delay, the Data Controller should one of these events occur at pursuant to Article 33 of the GDPR. These measures must take into account the state of the art and implementation costs, as well as the nature, object, context and purpose of the processing,
- in the presence of the exercise of one’s rights by an interested party, pursuant to articles 15-20 of the GDPR, if the Data Processor is still processing the Personal Data, within a period that allows the Data Controller to reply to the Data Subject in accordance with the law and, in any case, no later than 10 days from receipt of the instance:
- collect the information contained in the access request and in the other types of requests advanced by the interested party and transmit them by cooperating in order to provide feedback to the interested party;
- give communication of the request to the Sub-Managers and/or Authorized to the processing who are presumed to process or have processed the Personal Data of the applicant, in order to collect the information necessary for the satisfaction of the request;
- assist the Data Controller with technical and organizational measures in the event of requests from interested parties pursuant to the Privacy Law, and to provide any information and/or document useful or appropriate to follow up on the requests themselves;
- provide the Data Controller with every element useful for carrying out an impact assessment by the Data Controller if necessary pursuant to Article 35 of the GDPR, as well as collaborate in carrying out any prior consultation with the Guarantor pursuant to Article 36 GDPR. The Data Processor makes the results of any impact assessment carried out by the Data Controller available to the Data Controller;
- expose in detail to the Data Controller any impediments to the exercise of one’s functions;
- make available to the Data Controller all the information necessary to demonstrate compliance with the law, allow and contribute to the review activities, including inspections, carried out by the Data Controller or by another person appointed by him. Furthermore, if, in his opinion, an instruction received from the Data Controller violates the GDPR or other national or EU provisions, the Data Processor will immediately inform the Data Controller.
- Persons Authorized to process.
The Data Processor will identify the Authorized Authorities who act under their authority in relation to the processing of Personal Data, pursuant to Article 29 of the GDPR; these Authorized will be obliged to keep the Personal Data confidential. The authorization will be accompanied by suitable and detailed instructions regarding the methods of treatment and, for the entire duration of the DPA, the Data Processor will scrupulously supervise the exact fulfillment of the same by the Authorized.
The Data Processor is authorized to resort to Sub-Processors for the execution of the processing activities (or part thereof), imposing on them the same obligations regarding the protection of Personal Data to which the Data Processor is subject, providing in particular sufficient guarantees to put in place appropriate technical and organizational measures, so that the treatment meets the GDPR requirements.
The Data Processor undertakes to inform the Data Controller of any changes regarding the addition and/or replacement of Sub-processors. The Data Controller will have the right to object to such changes by communicating his opposition in writing within 5 days of notification by the Data Processor.
The Parties, each to the extent of their competence, undertake to keep each other harmless from any dispute, action or claim made against them by the interested parties and/or by any other person and/or Authority following any non-compliance with the Privacy Law.
It is understood that where the Data Processor has fulfilled the tasks assigned to him under the DPA and the obligations of the GDPR specifically aimed at data processors, the Data Controller will be liable for damages caused to the data subject by the processing carried out in violation of the law.
- Duration and effective date.
The duration of the treatment is indicated in Annex A (“Description of the treatment”), and in any case limited to the execution of the activities covered by the Contract. Upon termination, for any reason, of the Contract, the Data Processor undertakes to cancel from any medium as well as, where requested by the Data Controller, to return the Personal Data processed directly or incidentally on behalf of the Company within 30 (thirty) days, without prejudice to further conservation obligations established by the regulations to which the Data Processor is obliged. It is understood that the demonstration of the reasons justifying the continuation of the conservation obligations is the responsibility of the latter, and that the only purposes that can be pursued with such Data are exclusively limited to responding to these regulatory obligations.
Annex A – Description of the treatment
With reference to the DPA, of which this annex forms an integral and substantial part, the categories of Personal Data processed by the Data Processor on behalf of the Data Controller are detailed below, the types of interested parties to whom such Data refer, the treatments carried out existing, the purposes and duration of the processing.
Categories of Personal Data
☒Tax ID code
☒Date of birth
☒Profiling data (e.g. consumption habits)
Categories of data subjects
☒Partners (corporate structure)
Purpose of the treatment
The provision of the Services offered by Cassandra through the Platform.
Duration of treatment
For the duration of the Subscription Period and for six (6) months after the termination of the same.