Terms & Conditions
Happyagility | Legal Notice and Terms of Use
Information about the company that manages the services
Effective date: September 15, 2021. In case of new sign-ups or first use of the Site, August 22, 2021.
The platform accessible through the www.happyagility.com and www.landing.happyagility.com domain name (the “Site”) is provided by HAPPYAGILITY (hereinafter referred to as “us”, “we” or the “Company”), a UK entity with a registered address at HAPPY AGILITY (UK) LTD, 13 FINEFILED WALK, SLOUGH, BERKSHIRE, UNITED KINGDOM, SL12QR.
Company[India Business Address - For all communications] (referred to as either "the Company", "We", "Us" or "Our" in this Disclaimer) refers to HAPPY AGILITY (UK) LTD, 25/13/382, NGO's Colony B V Nagar, Nellore- 4, India.
You may contact us by sending an email to support@happyagility.com.
1. General
These terms of use (the “ToU”) are the legal agreement between you and the Company, and govern the access to, browsing, and use of the Site. By accessing the Site, you accept to be bound by these ToU. In the case you do not agree with the terms and conditions set forth herein, you must refrain from accessing and using the Site. Should you have any doubts in connection with these ToU, please contact support@happyagility.com.
2. Purpose of the Site
The purpose of the Site is to provide general and business information about the activity of the Company and, with respect to users that have created an account in accordance with the Service Terms and Conditions, enable the use of the services offered by us, consisting in the creation of online forms, interacting with our platform (the API), and any other services as may be offered by us from time to time (indistinctly referred to as the “Services”).
The Site is not targeted towards, nor intended for use by, anyone under the age of 16. You must be at least 16 years old to access and use the Site and use the Services. If you are between 14 and 16 years old, you may only use the Site under the supervision of a parent or legal guardian.
3. Information available on the Site
We make our best efforts to ensure that all general and business information available on the Site is comprehensive and error-free, and we periodically review the contents, information, and any other data of any kind included on the Site. However, you acknowledge and accept that all data available on the Site is provided for information purposes only and that the Company does not warrant nor accept any liability for any errors existing in the information. We recommend that you search from time to time for updates of, or amendments to, the contents of the Site.
4. Your use of the Site
You must use the Site to comply with the law and public order. In particular, you undertake to not use the Site to pursue illegal purposes, contrary to the rights and legitimate interests of us or any other third party, or in any other manner that may tamper, disrupt, overload, or otherwise damage the Site or the Services. You undertake to comply with any instructions or recommendations given by us or by any individual acting on behalf of the Company in connection with the use of the Site or the Services.
5. Indemnity
You shall indemnify, defend, and hold the Company, its officers, directors, employees, agents, partners, suppliers, and/or licensors harmless, and will keep them indemnified from and against any claim, loss, expense, liability, damage, or demand—including reasonable attorney’s fees— relating to, arising from, or allegedly arising from your use of the Site in breach of the law, or a breach of these ToU or any other contractual obligation you have assumed vis-à-vis the Company.
6. Limitation of liability
We make our best efforts to ensure that the Site is available and fully functional. However, to the maximum extent permitted under applicable law, we do not warrant that the Site will always be available, undisrupted, and error-free. In particular but without limitation, we shall not be held liable in the event of:
-Technical errors preventing a regular use of the Site and caused by force majeure circumstances, acts of God, or otherwise;
-Maintenance works impacting the availability and access of the Site;
-Damages based on the contents of the Site;
-Wrongful use of the Site, or use contrary to the law, these ToU, or any other agreement between you and the Company;
-Unauthorized third party access to the Site or the Services;
-Conflicts that arise between you and other users of the Site; or
-Contents uploaded by you to the Site.
7. Intellectual property
All works, trademarks, software, or other contents and creations displayed on the Site or otherwise provided or made available by us through the Site or the Services are owned by the Company or have been licensed to us by their owner. Unless expressly granted by their corresponding rightsholders or by law, you do not have any use or ownership rights upon the above-mentioned contents and creations other than for the use of the Site and/or the Services under the terms and conditions described in these ToU. Therefore, except when authorized in accordance with this section or these ToU, you may not distribute, reproduce or copy, communicate to the public, transform or modify, adapt, translate, or otherwise use and exploit said works.
8. Privacy and cookie policy
Your use of the Site and/or the Services may result in the collection and further processing of information, including information of personal nature. We will inform you whenever said collection and processing takes place, and the processing shall be governed and subject to our Privacy Policy and Cookie Policy.
9. Links to third parties’ webpages
We are not liable for websites and contents provided by third parties that are linked or embedded in the Site or the Services, either as advertisement banners or otherwise included in any of the Site’s contents. We shall have no obligation to review the contents of said webpages and the services or products that third parties may offer through them, and their existence does not imply that we support, promote, endorse, sponsor, guarantee, or recommend the linked websites, contents, services, or products. You acknowledge that terms and conditions may apply to the access and use of said services, products, and websites and that you are responsible for reviewing and accepting them.
10. Amendments to the Site
We may update, delete, amend or modify the Services, the Site, and the information provided through the Site from time to time. Likewise, we may delete access to the Services or the Site from time to time, by providing prior reasonable notice.
11. Governing law and dispute resolution
The rights and obligations of the parties under these ToU shall be governed by India law. This shall not prevent the application of those mandatory rights you are entitled to under your applicable law in the event that you are acting as a consumer.
Also, should you be acting as a consumer, you may also access the European Union’s online dispute resolution webpage.
12. Miscellanea
The illegality, invalidity, nullity, or unenforceability of any of the sections of these ToU will not affect the validity of its other provisions, which shall remain in full force and effect. Such sections are to be replaced or integrated into others that, in accordance with the law, correspond to the objective of the substituted sections.
If at any time, we fail to respond to a breach of these ToU by you, that failure will not waive our right to act with respect to subsequent or similar breaches. A waiver will only be binding on the Company if it is in writing and signed by the Company.
These ToU are drafted both in plain and legal versions. In case of any discrepancies, the legal version included herein shall prevail and take precedence with respect to the plain version.
Happyagility | Service Terms and Conditions
Terms and conditions applicable to the use of the Services
This policy was last updated on September 1, 2021.
The platform accessible through the www.happyagility.com and www.landing.happyagility.com domain name (the “Site”) is provided by HAPPYAGILITY (hereinafter referred to as “us”, “we” or the “Company”), a UK entity with a registered address at HAPPY AGILITY (UK) LTD, 13 FINEFILED WALK, SLOUGH, BERKSHIRE, UNITED KINGDOM, SL12QR.
Company[India Business Address - For all communications] (referred to as either "the Company", "We", "Us" or "Our" in this Disclaimer) refers to HAPPY AGILITY (UK) LTD, 25/13/382 , NGO's Colony B V Nagar, Nellore- 4, India.
You may contact us by sending an email to support@happyagility.com.
1. General
These Service Terms and Conditions (“STC”) govern the use of the services offered by us, consisting of the creation of online forms — the subsequent collection, storage, and related information management, and any other services as may be offered by us from time to time (the “Services”). Terms of Use are included in this STC by reference.
In order to be able to use the Services, you will need to create an Account (as this term is further described in section 2.a below) and comply with other requirements set forth in these STC. Please note that the Account also enables you to use the functionalities aimed at interacting with the product accessible through the Site. Should you decide to use those functionalities, the Developer Terms and Conditions apply to you in addition to these STC.
2. Access to the Services; Account Creation
a) Eligible individuals
Services are offered to individuals and companies, either conducting business activities on their own or acting as consumers. For purposes of these STC, ‘consumer’ shall be interpreted as an individual or company using the Services for a purpose other than to conduct a business or commercial activity. If you are creating an account for your company, you understand and agree that said company will be understood to be the owner of the Account and, hence, any contents created using the Services, and any data collected through the Services will be understood to belong to your company unless otherwise agreed between you and your company.
The Services are only addressed to individuals being sixteen (16) years of age or older. By filling out the registration forms and requesting our Services, you warrant and represent that you have that legal age.
b) Account creation
In order to access the Services, you will need to register and create an account on the Site (the “Account”). To this end, you must provide true, current, complete, and accurate information, as requested during the registration process, that refers to you. You cannot sign up or otherwise create an account with us on behalf of a third party.
If you are an individual, you should create a personal and non-transferable Account, which will allow using the Services for your personal purposes only.
If you are a company, you should create a Business Account, which will allow you to use the Services under a company/group name. In that case, you warrant and represent that you can legally enter into these STC on behalf of your company. Note that account sharing is not permitted under these STC and, thus, you should obtain as many seats as needed for each individual using an Account within your organization.
If you create an Account, you will be able to opt for any of the plans described in the Pricing section. Among other functionalities, these plans enable you to manage shared workspaces with as many Accounts as you have selected in your plan, by sending an invitation to collaborate with other users owning an Account with us. The owner of the paid plan will have limited admin rights to control contents created and manages from the rest of the Accounts. It is your duty to make sure that the other users understand the impact of their privacy and content ownership when accepting to be part of your plan, and you shall indemnify, defend, and hold us harmless of any costs or damages directly or indirectly related to these matters.
Services definition may vary from time to time and further and more detailed information on the current features and functionalities of the Service is provided during the signup process.
Account ownership is based on the data provided when signing up and, to this end, it is important as mentioned above that all information you have submitted is true, accurate, current, and complete. You undertake to notify us of any changes to the information submitted upon sign-up or thereafter so as to keep any information we may have in our records current and accurate. Note that when you are providing your information and accepting these STC, you are entering into an agreement with us that describes which are the obligations we have with regard to each other. If you have problems accessing or logging in to the Services, please contact us at support@happyagility.com.
c) Provision of the Services
Once an Account has been successfully created, Services will be available and ready to use. Note, however, that certain features are only available to certain plans and are subject to prior payment of the corresponding fees, so access to and use of certain functionalities and Services under said Accounts is subject to said payment requirements.
This section does not preclude your rights as a consumer under section 7 below—if you are using the Services as a consumer, you are entitled to cancel and withdraw from these STC and the Services under the terms and conditions detailed in that section.
3. Use of your Account and Services, and Your Contents
a) Account security and credentials
Accounts are to be used by you, and it is strictly forbidden to share or allow others to use them. You must keep credentials for your Account secured at all times. It is strictly forbidden to share said sets of data with any third parties or to write them down for recovery purposes. Should you suspect that your Account or your credentials have been or are being used by a third party, or have been compromised, you must contact us immediately at support@happyagility.com. Otherwise, we may attribute all use of your Account to you, and you agree to be responsible for all activities that occur under your Account.
b) Use of your Account and Services
You must use your Account and the Services complying with the law, and public order. You shall not:
• Access the Site, Accounts, and/or the Services by any means other than through interfaces provided by us and as otherwise expressly authorized under these STC;
• Use the Services as a hosting service or hosting system only;
• Use the Services, or any responses or media within the Services to create web pages or for hosting or supporting online resources, or as a data repository;
• Avoid, bypass, remove, deactivate, impair, descramble or otherwise tamper with the security measures, usage rules, or other protection measures implemented by us, our service providers, or any third parties to protect the Site, the Accounts, or the Services, as well as the restricted features or functionalities available for given categories of Accounts other than the one you are holding, or to attempt to do any of those actions;
• Access, tamper with, or use non-public areas of the Service or the Site, the computer systems of the Company, or the technical delivery systems of our providers;
• Use any metatags or other hidden text or metadata in the Site or Services, as well as forge headers or otherwise manipulate identifiers in order to disguise the origin of any content transmitted through the Service;
• Use, display, mirror, or frame the Site or Services, any individual element within the Site or Service, the layout and design of any portion of the Service or the Site, or the intellectual property rights and other proprietary rights of the Company;
• Attempt to access or search the Services or Site, scrap or download content from the Services or Site, or otherwise use, upload content to, or create new links, reposts, or referrals in the Services or Site through the use of any engine, software, tool, agent, device or mechanism (including automated scripts, spiders, robots, crawlers, data mining tools or the like) other than the software and/or search agents provided by us or other generally available third party web browsers or search engines;
• Reverse engineer, decompile or disassemble software used in connection with happyagility forms, Site or Services;
• Interfere with, or attempt to interfere with, the access of any user, host, or network, including, without limitation, sending a virus, overloading, flooding, spamming, or mail-bombing the Services or the Site;
• Reproduce, duplicate, copy, sell, trade, resell or exploit for any commercial purpose any portion of the Site or the Services, or your access to or use of the Site or Services;
• Impersonate or misrepresent your affiliation with any person or entity, as well as stalk or harass other users or third parties, or share or use offensive or pornographic materials;
• Activities such as vulnerability scanning, load testing, penetration tests, or bypassing our security measures in any intended way are strictly prohibited to be carried out on our platform without our previous written approval;
• Use the Services and, in particular, the functionalities aimed at ensuring the interaction of the Services and our product to monitor the availability, performance, or functionality of our Services or the Site, or for benchmarking or other competitive purposes;
• Collect credit card information (unless using the specific questions blocks provided by us), passwords, or similar login credentials;
• Send electronic communications that are not expressly requested or authorized by the recipients, or send mass and/or repetitive electronic communications (spam). In this sense, you must not use the Services to send any communications in a way not permitted by or compliant with any applicable laws or industry standards, or to any recipient who has opted out, unsubscribed, or otherwise objected to receiving such messages from you or another party on whose behalf you may be mandated; or/and
Otherwise, use the Account, Site, or Services in a manner contrary to the rights and legitimate interests of the Company or any other third party, or in any other manner that may tamper, disrupt, overload, or otherwise damage the Site or the Services. You may let us know about any abuse by contacting us at support@happyagility.com.
For the avoidance of doubt, you—or any third party authorized by you—may carry out any action that enables the Services to interoperate and communicate with a given software program, provided that any such integration has been developed by means of the public APIs and related products and services provided by us as part of our range of technical products for the developer and integrator users. You understand that we do not control the use of any information collected by third parties—regardless of whether the said collection of information took place in the past, is taking place in the present, or is intended to be carried out in the future—by means of said integrations and that further third parties’ terms and conditions may apply to your use of APIs. Therefore, you understand and agree that we shall not defend, indemnify, or hold you harmless for any and all costs or damages arising from those third-party actions and integrations.
c) Usage limits
You shall only use the Services in full compliance with the conditions set forth in these STC and according to the contracted plan limits as described in the Pricing section, which includes, among others, limitations to the number of features that can be used, questions blocks that can be added to a form, or the number of authorized responses and/or users.
Up to certain limits, you may opt to purchase add-ons to your plan at any time to increase, for instance, the number of available responses to your plan, or add other features. These add-ons can be purchased in the ‘Settings’ menu of your Account, and are valid upon activation and for a period of time equal to the subscription you have purchased (i.e. monthly / yearly).
In the event that the limits of the authorized response are reached, we will not be required to collect, store and/or process any response in excess of the applicable limits. You may opt to activate the ‘upgrade my plan’ feature as further described in section 5 of the Payment Terms and Conditions.
d) Beta Services
You may be offered to take part in early access programs to use so-called alpha or beta versions of the Services (“Beta Services”). Beta Services may not work in accordance with the documentation we may provide you with, or they may contain errors, defects, or bugs, as you acknowledge and agree. Beta Services are not covered under any service level commitments under these STC, and, as an exception to the provisions in sections 9, 10, and 11, we do not make any sort of representations and warranties, and disclaim any liabilities regarding Beta Services. Beta Services may be discontinued at any time, for no reason and without prior notice, and nothing in these STC shall be construed as requiring us to release Beta Services as part of our regular Services.
e) Materials available in the Services or the Site
The Site and the Services may include information, graphics, text, images, and other materials uploaded by other Account holders or third parties. Said materials are solely for your use in connection with the Site and Services, and their legality, accuracy, and completeness are the sole responsibility of the party that has uploaded them to or provided them as part of the Site or the Services. Use of the materials may be subject to specific terms and conditions or license terms, and you are responsible to obtain any required licenses or authorizations and complying with any licenses or terms and conditions applicable to them.
f) Services and third-party service providers
To ensure you are provided with high-quality Services, from time to time we may rely on third-party service providers. You understand that those providers act beyond our reasonable control and that we shall not be held liable for any damages caused by an action or omission attributable to them.
Also, you may decide to use third parties to process the information you may collect through the Services (e.g. by using webhooks). In all those cases, you acknowledge and agree that those third parties are beyond our reasonable control and that we will not be liable for any damages arising from the use of said information by them, or in the event that you decide to transfer information to those third parties by using non-secured means (e.g. non-https transfer protocols). We recommend that you carefully review any terms and conditions governing the use of those third parties’ services and any integration tools they may offer before you start using their services. Note that the use of said services may result in the transmission of any kind of information (either confidential or having a personal nature, among others) outside our platform, and third parties not related to the Company may subsequently be gaining access to, modifying, or even deleting said information.
g) Your contents
We do not claim ownership of the contents you may upload or otherwise use in connection with the Site or Services. However, to ensure we can provide you with the Services or access to the Site, you grant us a worldwide, royalty-free, transferable, sublicensable, non-exclusive license to use, reproduce, distribute, communicate, and publicly perform or display (including, among others, the rights to broadcast and transmit), transform and modify, and/or adapt your contents in connection with the operation of the Site and/or the Services. This license is limited to the extent necessary to provide you with the Services only, and we shall not use your contents for any other purposes. You represent and warrant that you have the rights necessary to grant the license hereunder and that your contents do not infringe the law or third-party rights or interests.
Please note that by submitting content (photos or videos) into the Service, said contents are made publicly available to third parties. Please evaluate whether you want to share said content under those conditions before submitting them as part of the Services.
h) Third parties’ intellectual property & other proprietary rights
Without prejudice to section 3.b above, you accept not to upload into the Services or the Site, or post, email, transmit, share, or otherwise use, in conjunction with, or related in any manner with the Services or the Site, content for which you do not have the prior authorization of their titleholders. We are not responsible for said content nor the actions you may take with respect to the content, and you shall not use third-party content unless you have first obtained the permission of its owner.
By way of example, you shall not use photographs, music, text, graphics, information, trademarks, trade names, or other content protected under intellectual property rights that are not yours, except when the corresponding owner has expressly given its approval. It is strictly forbidden to use the Services to circumvent the rights of any titleholder upon its intellectual property or other exclusive rights, such as, for instance, providing through the Services links to P2P platforms including infringing materials.
Notwithstanding section 11 below, we may delete at any time any content that breaches this section, without prior notice and accept no liability for any such deletion.
i) Review your contents
You acknowledge that, in order to ensure compliance with legal obligations, prevent phishing or fraud, or when unlawful content is reported to us, we may be required by third parties to review certain content submitted by you to determine whether it is illegal or whether it breaches these STC. We may at our sole discretion modify, prevent access to, delete, or refuse to display content that we believe violates the law or these STC. However, you acknowledge that we have no obligation to monitor or review any content submitted by you.
j) Obligations vis-à-vis Respondents
Your use of the Services may result in the collection and further processing and analysis by you of information belonging to third parties (the “Respondents”). Any contractual relationship existing with Respondents is entered into between you and them. You are fully responsible for meeting any applicable obligations when contacting Respondents and processing their data.
k) Collaboration with us
You undertake to comply with any instructions or recommendations given by us or by any individual acting on behalf of the Company in connection with the use of the Site, your Account, or the Services.
4. Fees and payments
Payment for the Services shall be subject to the Payment Terms and Conditions, which are included in these STC by reference.
5. Term
The Services shall be accessible from the moment the subscription process is finalized and shall be available to you unless you terminate your account through “My Account". Pain plans are subject to a particular term, as selected by you when signing up for said Services, and shall automatically renew (together with any add-ons you may have decided to purchase) on monthly or annual periods, depending on the term contracted, unless you, at any time, decide to cancel their renewal through “My Account” section. In any such cases, except if you decide to cancel your entire account, the subscription you have paid for will run for the entire contracted term, and your Account will be downgraded to a free plan.
As mentioned above, you may terminate your Account at any time, and we reserve the right to terminate your Account under the conditions set forth in section 6 below. These STC apply as long as you have an account through our Site, regardless of the type of Account you held at each moment.
This section shall not prevent the rights you have as a consumer in connection with the cancellation of, or withdrawal from, your Account. For further information please refer to section 7 below.
The content will be made available to you and at your disposal at the end of the Term, but if you terminate your Account, everything will be erased (including the content) as indicated in section 6.b below. For any personal data collected through the Service, please check the terms of the Data Processing Agreement to learn how data will be processed upon the termination of the Services.
6. Suspension and termination of the Account
a)Termination or suspension by the Company
We are entitled to suspend your Account in the event that you provide us with untrue, inaccurate, not current, or incomplete information when creating your Account, as well as when you fail to comply with these STC or other mandatory provisions by law. Upon the occurrence of any of these, we will contact you and request you to remedy your breach of these STC.
We are entitled to terminate your Account in the event you fail to redress any STC breach in the non-extendable term of ten (10) calendar days from the notification date. Additionally, your Account may be terminated in the event you substantially breach these STC, including without limitation any case in which the Account is used to commit fraud (e.g. to carry out phishing attacks) or willfully addressed to breach the law. Account termination may result in data loss.
Finally, we may terminate your Account should you oppose the appointment of any sub-processor, as further detailed in our Privacy Policy.
b) Termination by you
You may terminate your account at any time by using the account termination option. If you terminate your Account you may still be able to access the Site, but you will not have access to the Services, features, and content that are available to Account holders. Please note that this may result in data loss.
7. Cancellation of your subscription - withdrawal right
The Services are available upon completion of the signup process and creation of your Account (except for those functionalities subject to any of the subscription plans provided by us). By creating your Account and expressly requesting the Services, you waive your withdrawal right, if applicable.
8. Social media and third-party platforms
The Services may include functionality that allows you to access and post content to social media and third-party platforms regarding your activities while using our Services. If you choose to use this functionality, we may:
a) have access to certain information that you make available through the social media or third-party platforms at issue, provided that the data has been made available to us under the terms and conditions and privacy policies set forth by said third parties; or
b) post status messages, notes, photos, videos, and other materials to the applicable Social Media or third-party platform on your behalf.
Subject to all the applicable third parties’ terms and conditions and privacy policies, by connecting your account with your account on a social media or third-party platform, you grant us permission to access and use the information that you make available through the social media or third party platform at issue. To manage the information provided to us, please review the privacy settings applicable to your social media or third-party platform accounts.
We are not liable for social media or third-party platform contents, products, or services. We shall have no obligation to review their contents, services, or products. You shall review all terms of use, policies, and guidelines established from time to time in said social media or platforms, and you agree to be solely responsible and liable for any claims arising as a result of sharing or posting any content to or your activity in any social media or third party platforms.
9. Representations and warranties. Disclaimer of warranties and damages
In addition to any other representations and warranties included in these STC, we both warrant and represent that we have the full power and authority to enter into these STCs and that any approvals, consents, and permissions, if any, have been obtained. In addition, you further warrant and represent that you will (i) use the Services in accordance with the provisions of these STC as well as any reasonable instructions delivered by the Company—or by any of our authorized representatives— from time to time; (ii) any contents or data used in connection with the Services will be uploaded, processed or otherwise used and acquired having obtained any necessary approvals, authorizations or licenses, and complying with any applicable laws, rules, regulations, directives and governmental requirements in the field of privacy, intellectual property and/or image rights; and (iii) provide your reasonable cooperation in the event that we need any evidence to prove before competent authorities and/or courts about the satisfaction of the requirements or consents referred therein.
To the fullest extent permitted by applicable law, the Site and the Services are provided “as is”, “with all faults” and “as available” and the entire risk of use and performance remains with you. The Company disclaims any representations, warranties, or conditions, express, implied, or statutory, including, without limitation, (i) the implied warranties of merchantability, fitness for a particular purpose, and non-infringement; and (ii) that the Services and the Site will be available or provided on an uninterrupted, error-free, timely, or secure basis, will be free be error-free or free from viruses, worms, or other harmful or malicious components. You may have additional rights under your local laws that these STC cannot supersede and, in any such cases, the Company’s liability is limited in accordance with and to the extent permissible under said local laws.
10. Limitation of liability
To the maximum extent permitted by applicable law, in no event will the Company be liable for any indirect, consequential, incidental, exemplary, punitive, or special damages, including without limitation any damages to or for loss of data, revenue, profits, goodwill, or other intangible losses arising from or relating to these STC, your Account, or the Services. To the maximum extent permitted under applicable law, this limitation will apply to all claims under all theories of law and equity.
Subject to sections 9 and 10 above, Company’s maximum, aggregate our cumulative liability to you, for direct damages or under these STC (including under sections 9 and 10 above or any other contractual obligations), tort (including negligence and statutory duty) or otherwise shall not exceed the total maximum amount equivalent to fees paid to the Company in the last twelve (12) months preceding the date in which the damage took place.
Limitation and/or exclusion of liability and warranties may be limited in certain jurisdictions. To the extent that the limitations and exclusions in sections 9, 10, and 11 cannot be enforced or are considered void or illegal, either in whole or in part, said sections shall be construed and enforced in the sense of limiting the scope, duration and/or extent of the liability and/or warranty provision at issue. Nothing in these STC shall be understood to limit or exclude your liability for the price owed in excess of any liability caps hereunder.
11. Indemnity
You shall defend, indemnify and hold harmless the Company from and against any and all losses, settlements, damages, liabilities, judgments, obligations, fines or sanctions, costs, and expenses (including reasonable attorney’s fees) (collectively “Losses”), arising out of any claim, proceeding, demand, suit or action (collectively “Actions”) brought by a third party related to (a) your use of the Site or the Services, and activities occurring under your Account; (b) any violation of these STC; or (c) your violation of any other party’s rights or applicable law.
12. Amendments to the STC
We may modify these STC from time to time. We will provide you with reasonable prior written notice of any substantial change. If you do not agree to any amendments to the STC, you shall (as your sole remedy) stop using the Site and the Services. By continuing to use the Services or the Site, you are providing your agreement to be bound by the updated Terms of the STC.
13. Modifications and updates of the Services
Due to the constant updates and changes made by the Company to improve the Services and ensure that you can use them in a seamless way and that the Services can interoperate with third-party platforms, we may add, alter, or remove functionalities from a Service at any time. Moreover, the Company may implement any updates to the Services (including security updates) which will be applicable to some or all users collectively at any time. Any modifications implemented hereunder will be applied for free.
14. Miscellanea
The illegality, invalidity, nullity, or unenforceability of any of the sections of these STC will not affect the validity of its other provisions, which shall remain in full force and effect. Such sections are to be replaced or integrated into others that, in accordance with the law, correspond to the objective of the substituted sections.
If at any time, we fail to respond to a breach of these STC by you, that failure will not waive our right to act with respect to subsequent or similar breaches. A waiver will only be binding on the Company if it is in writing and signed by the Company. These STC constitute the entire agreement between you and the Company with respect to your Account and the Services. Both you and the Company, warrant to each other that, in entering these STC, neither the Company nor you have relied on or will have any right or remedy based upon any statement, representation, warranty, or assurance other than those expressly stated in these STC.
The rights and obligations set forth in these STC (or, otherwise, of the Account) cannot be assigned to any third party without the prior written consent of the Company. Moreover, any decisions taken by the Company are final and binding.
You grant to the Company a perpetual, worldwide, royalty-free, transferable, sublicensable, non-exclusive, irrevocable license to use, reproduce, modify or transform, distribute, communicate to the public, and otherwise exploit any suggestions, ideas, enhancement requests, feedback, recommendations or other information or ideas provided by you or any third party on your behalf relating to the Services, Site, platform, deliverables, images or the software.
If you are a company, we may use your trade name and trademarks on our Site and any other promotional materials produced by us from time to time. To this extent, you grant to us a non-exclusive, non-sublicensable, royalty-free, worldwide license to use said intellectual property, it is understood, however, that we shall use said intellectual property in accordance with the industry standards.
The Services have a legal warranty period from its delivery. If an incident occurs in the contracted Services, you may communicate it to the Company by any of the means of support indicated in the following clause, and we will make a diagnosis of the incident, proceeding to its resolution.
These STC are drafted both in plain and legal jargon versions. In case of any discrepancies, the legal version included herein shall prevail and take precedence with respect to the plain version. In the event of any conflict between the provisions of these STC and the Terms of Use, the Privacy Policy, the Data Protection Agreement, or any other terms included by reference in these STCs, the terms of the STCs shall take precedence.
15. Support, Contact, and Complaints
You can contact us in case you have any doubts, comments, or concerns by any of the following means:
By post:
Support Service
HAPPY AGILITY (UK) LTD
25/13/382, NGO's Colony B V Nagar, Nellore- 4, India.
By email:
support@happyagility.com
16. Applicable law and jurisdiction
a. General
These STC shall be governed and construed in accordance with Spanish law, without reference to its conflict of law provisions. The United Nations Convention on Contracts for the International Sale of Goods will not apply. Any dispute that may arise from or in connection to us and/or the Site or the Services shall be subject to the jurisdiction of the courts in Barcelona, Spain.
b. Consumers
If you are acting as a consumer, these STC shall be governed and construed in accordance with Spanish law, but this shall not prevent the application of those mandatory rights you are entitled to under your applicable law. The courts in Barcelona, Spain, shall have no exclusive jurisdiction in connection with any claim brought by you against the Company.
You may also access to the European Union’s online dispute resolution webpage.
Happyagility | Privacy Policy
Your privacy is important to us
This policy was last updated on September 1, 2021
1. General
This Privacy Policy describes how HAPPYAGILITY. (the “Company”, “we”, or “us”) collects uses, stores, shares and protects your personal information in connection with your use of both the platform accessible through the www.happyagility.com or www.landing.happyagility.com domain name (the “Site”) and the services we may offer through the Site from time to time, consisting in forms and other services (indistinctly referred to as the “Services”). In addition, this Privacy Policy also describes how we process information about other people that are directly or indirectly providing us services, or from people that, despite not using the Services, have contacted us or that we need to contact because of a conflict or issue with the Services or our Company.
If you are using our Services and you are interested in learning how are we processing any personal data that we collect on your behalf, please check our Data Processing Agreement in the following link.
If you are a respondent (i.e. someone that has answered a form, quiz, or questionnaire created on our platform), please note that we are not the entity responsible for the processing of data, but mere provider rendering services to the person or company that sent you the form to fill out. We suggest you carefully read the terms and conditions and privacy policy of the company or person that sent you the happyagility form, as those are the ones governing the processing of your personal data. If you have any doubts, please contact that person or company. Also, depending on how the person or company that sent you a form configures that form, your data may be shared or made public. To find out more, please contact the entity or person sending you the happyagility form.
2. Customers: how are we processing your data?
As mentioned above, if you use our Services or Site because you have created an account with us, this Privacy Policy sets forth how we are processing your personal data. You are not required to provide any personal information when using the Site unless you choose to access features that require such information (as, by way of example, subscribing to any newsletter). The use of the Services, however, requires that you sign up and create an account on the Site as described in more detail in the Service Terms and Conditions.
The personal information you provide us when using the Site and/or the Services is subject to this Privacy Policy, and you will be prompted to read and accept it. In addition, if you are a California resident, please click here and refer to the ‘CCPA Notice’ section for additional California-specific privacy disclosures that address the collection, use, disclosure, and other processing of personal information that supplement this Privacy Policy and may fall outside its scope.
Who processes personal information? (who is the ‘Data controller’)
Personal information is processed by us, an entity incorporated in accordance with the laws of India with the following contact details:
HAPPY AGILITY (UK) LTD,
13 FINEFILED WALK, SLOUGH, BERKSHIRE, UNITED KINGDOM, SL12QR
Company[India Business Address - For all communications] (referred to as either "the Company", "We", "Us" or "Our" in this Disclaimer) refers to HAPPY AGILITY (UK) LTD, 25/13/382 , NGO's Colony B V Nagar, Nellore- 4, India.
What are we processing your data for and why are we processing it? (‘Purposes of data processing’, ‘legal basis of the data processing’, and ‘storage periods’)
We will process your data when we have to perform a contract, and we will be processing your data as long as the contractual relationship with you is in force and during the five years following the end of said relationship. This results in us having to process your data for purposes of providing you with both the Services, as well as to perform our obligations under the Services Terms and Conditions.
Subject to obtaining your consent, and as long as you do not withdraw any such consent, we may also process your data for the following purposes:
a) To send you electronic commercial communications (if you subscribe to a newsletter) or to answer the requests you may address us when contacting us;
b) To process information obtained through cookies, as described in more detail in the Cookie Policy, and subject to the terms set forth therein;
c) If you opt to sign in by means of a third party social media platform, we may obtain ID confirmation and other information from that third party, as mentioned in each case;
d) For profiling purposes based on your behavior and how you browse the Site and use the Services, which pages you have visited and to build audiences. Please note that we may profile users by means of cookies. In those cases, your acceptance of the installation and use of cookies results in data processing for profiling purposes, as described in this paragraph.
e) We may enrich the data we have about you by obtaining information from a select third party for data enrichment purposes, provided that you have given us prior permission. Enriching data allows us to analyze a deeper subset of data from which we may present personalized content.
Finally, we may also process your data to protect our legitimate interests, as long as said data is strictly necessary to fulfill the goals set forth below, namely:
a) To review, monitor, investigate, and analyze how to improve the Services and/or the Site, as well as to keep our Services and the Site secure and operational and prevent abusive activity (e.g. fraud, spam, phishing activities, etc.). This may include sending you forms to assess any problems in the service or know how to improve your user experience. The interests at stake are ensuring a correct and safe environment for both other users and us, taking those interests prevalence over your legitimate interests (we need to create and maintain an environment that is in accordance with the law, the legitimate interests of other parties, what other users may expect from our end, and to protect other users’ security when accessing the Site and using the Services);
b) Besides any commercial electronic and non-electronic commercial communication sent when we have obtained your consent as mentioned above, we may also send you that kind of communication when you are our client. In this last case, we will only send you information belonging to us concerning services and/or products identical or similar to the ones you have contracted with us. In these cases, we have a legitimate interest in processing your contact information to keep you informed about any of our products and services, prevailing this interest over your right to personal data given the non-sensitive nature of the data in question and the fact that the contractual relationship built with our clients results in those clients expecting these kinds of communications;
c) For purposes of maintaining records related to our daily operations, to any corporate reorganizations, financial management and reporting, and, in general, for operating our business. In these cases, we have a legitimate interest in processing your information to satisfy the legal requirements and the interest in performing our business and the obligations we have vis-à-vis you as agreed with you, prevailing this interest over your right to personal data given the non-sensitive nature of the data in question and the fact that the contractual relationship built with our clients results in those clients expecting to keep the relationship with them; and
d) Upon dissociating the data we have so as to be impossible to be associated with you or any other person, to perform statistical and other analysis on information we collect (technical and metadata) to analyze and measure user behavior and trends, to understand how people use our services, in order to improve and optimize our performance of such services, and to publish any findings.
To which extent do we require to have access to your personal data?
We need to process your personal data to perform the legal and contractual obligations mentioned above. Otherwise, we are not able to provide you with the Services and/or access to the Site. On the other hand, for data processing that depends on your consent or on our legitimate interests, data processing is not legally required.
Which companies will have access to your personal information?
We share your information with our service providers who help us to provide the Services to you, in which case those third parties are required to comply with our internal standards, policies, and technical and organizational measures that ensure that your data is protected and kept confidential at all times, and only in accordance with and to the extent authorized by this Privacy Policy.
When you authorize us to do so, we may also share your data with other companies so that they can process the data for other purposes, as explained more in detail when we request your prior consent. In addition, if you provide consent for the installation of cookies, your data may be processed by third companies for the purposes and in the territories mentioned in the Cookie Policy.
We may also share your information with competent courts and authorities when we are legally required to do so (for instance, to allow such bodies to investigate, prevent, or take action against illegal activities), or we have to take action to protect our rights or any third party rights.
Finally, please note that you may opt for creating a form in which the results are displayed not in an aggregated manner but by providing the particular answers provided by respondents. In those cases, if you opt to create a form having this functionality, the results will be shared with those third parties you opt to share them with. Please bear in mind that, depending on what you intend to do with your data, you may be required to inform or comply with further legal requirements vis-à-vis respondents.
In which territories may your personal information be processed?
Your data may be transferred, processed, and stored in countries that do not have data protection laws as protective as those in your jurisdiction. Your agreement to the terms of this Privacy Policy, followed by your submission of information in connection with the Service, represents your agreement to this international transfer of personal data.
Updating your information. Emails and commercial communications.
You can update any information we may have from you by means of the account settings area or by sending us a written communication as described in section 5 below. Please remember that it is your duty to keep the information updated so we can correctly provide you with the Services, and you undertake to verify the information you have handed us from time to time to make sure that it is accurate.
As explained in this policy, you are entitled to ask us, now or at any moment, not to send you any kind of emails or commercial communications. To that extent, you can either change the communication preferences on your account settings page or contact us as described in section 5 below. Note that this will not prevent the sending of emails or other communications related to the Services, as those communications are necessary to perform the contractual relationship we have with you.
3. Professionals and people contacting us / being contacted
If you are a professional working for us, or you have contacted us or we need to contact you because of a conflict, please be informed that this Privacy Policy sets forth how we are processing your personal data.
Who processes personal information? (who is the ‘Data controller’)
Personal information is processed by us, an entity incorporated in accordance with the laws of India with the following contact details:
HAPPY AGILITY (UK) LTD,
13 FINEFILED WALK, SLOUGH, BERKSHIRE, UNITED KINGDOM, SL12QR
Company[India Business Address - For all communications] (referred to as either "the Company", "We", "Us" or "Our" in this Disclaimer) refers to HAPPY AGILITY (UK) LTD, 25/13/382 , NGO's Colony B V Nagar, Nellore- 4, India.
Contact email: support@happyagility.com
What are we processing your data for and why are we processing it? (‘Purposes of data processing’, ‘legal basis of the data processing’, and ‘storage periods’)
For professionals working with us, we will process your data to perform a contract, and we will be processing your data as long as the contractual relationship with you or the entity for which you are working is in force and during the five years following the end of said relationship.
For other people contacting us, we will be processing data based on your consent and your request to contact you back and answer a petition initially addressed to us.
Finally, we may also process data from people we need to contact because of a conflict or a breach of our rights, or other situations. This processing will take place on the basis of our legitimate interests, as long as said data is strictly necessary to review, monitor, investigate, and analyze a conflict and how to protect our assets, rights, and users. The interests at stake are ensuring the protection of both our users and us, taking those interests prevalence over your legitimate interests (we need to abide by the law, the legitimate interests of other parties, and what other users may expect from our end).
To which extent do we require to have access to your personal data?
We need to process your personal data to perform the legal and contractual obligations mentioned above. On the other hand, for data processing that depends on your consent or on our legitimate interests, data processing is not legally required.
Which companies will have access to your personal information?
We share your information with our service providers who help us operate our business, in which case those third parties are required to comply with our internal standards, policies, and technical and organizational measures that ensure that your data is protected and kept confidential at all times, and only in accordance with and to the extent authorized by this Privacy Policy.
In addition, if you browse our Site and you provide consent for the installation of cookies, your data may be processed by third companies for the purposes and in the territories mentioned in the Cookie Policy.
We may also share your information with competent courts and authorities when we are legally required to do so (for instance, to allow such bodies to investigate, prevent, or take action against illegal activities), or we have to take action to protect our rights or any third party rights.
In which territories may your personal information be processed?
We will process information from the European Economic Area. In some cases, data may also be processed from other countries, including the UK, in which case we will implement the security measures required by law. In particular, we will be signing Standard Contractual Clauses to ensure that the information is protected at all times.
4. Your rights
Either if you are a customer, a professional, or a third party, you have the right to withdraw your consent at any time. You also have the right to request access to, and rectification of, or erasure of your personal data, or restriction of processing, or to object to processing, as well as the right to data portability. Please note that if you choose to cancel your data and you are a customer, your account will be deleted and all data in your account will be permanently deleted from our systems.
5. How to contact us
5.1. Contact us at support@happyagility.com.
6. Changes to the privacy policy
We may amend this Privacy Policy from time to time. We may also notify you of material changes to this Privacy Policy, before the effective date of the changes, by sending an email or otherwise. If you do not agree to any substantial change to this Privacy Policy, you may terminate the Service Terms and Conditions.
7. Prevalence
This policy is drafted both in plain and legal versions. In case of any discrepancies, the legal version included herein shall prevail and take precedence with respect to the plain version.
Happyagility | Data Processing Agreement | Based in the UK
This policy was last updated on January 19, 2022.
This Data Processing Agreement entered into between you and HAPPYAGILITY (the “Company”, “we”, or “us”) regulates the particularities of data processing in connection with your use of both the platform accessible through the www.happyagility.com domain name (the “Site”) and the services we may offer through the Site from time to time, consisting in forms and other services (indistinctly referred to as the “Services”). If you are also subject to the CCPA, please check our 'CCPA Notice' here to learn which specific provisions apply to you.
1. Introduction
The processing of personal data as a result of the provision of the Services shall be subject to the provisions included in the Standard Contractual Clauses ("SCCs") indicated below, subject to the clarifications below:
• For purposes of Section 5.1 of the SCCs, you agree that you shall, in the event that the instructions are given verbally, confirm them in writing (email suffices). You further convene that any requests placed through the Services (i.e. by using the interface part of the software provided with the Services and the features made available through it) shall be considered an ‘instruction’ for purposes of this Section 5.1 and the SCCs;
• You are advised that deletion of an Account shall always result in deletion of personal data, and its request to delete the Account shall be understood as a request to delete data;
• Company shall be entitled to charge you with a reasonable fee covering the administrative costs and expenses actually faced by us for the performance of its collaboration duties under the SCCs;
• You agree that the obligation to provide information demonstrating compliance with Section 5.1.f) of the SCCs may be satisfied by Company making available to you copies of the audit reports and/or certifications undergone by the Company, such as ISO27001 or SOC2 certificates. In the event that these documents do not reasonably address your concerns, you agree that you may only conduct up to one (1) audit per year, except that there are reasonable grounds to believe that Company is not performing the obligations laid down in this document. Audits shall only be carried out during normal business hours, and you shall bear all costs except that Company is found to be in a material breach of this document;
• This Data Processing Agreements forms part of the STC entered into between you and us and, subject to its section 14, is incorporated herein by reference.
2. Standard Contractual Clauses (SCCs)
For the purposes of Article 26(2) of Directive 95/46/EC for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection:
Name of the data exporting organization: the person or entity subscribing to the services.
and
Name of the data importing organization: HAPPY AGILITY (UK) LTD, 13 FINEFILED WALK, SLOUGH, BERKSHIRE, UNITED KINGDOM, SL12QR.
Tel. …; fax …; e-mail: …: support@happyagility.com
each a "party", together "the parties" have agreed on the following Contractual Clauses (the "Clauses") in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals for the transfer by the data exporter to the data importer of the personal data specified in Appendix 1.
1. DEFINITIONS
For the purposes of the Clauses:
(a) "personal data", "special categories of data", "process/processing", "controller", "processor", "data subject" and "supervisory authority" shall have the same meaning as in EU Data Protection Laws 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data;
(b) the "data exporter" means the entity who transfers the personal data;
(c) the "data importer" means the processor who agrees to receive from the data exporter personal data intended for processing on his behalf after the transfer in accordance with his instructions and the terms of the Clauses and who is not subject to a third country’s system ensuring adequate protection within the meaning of Article 25(1) of EU Data Protection Laws 95/46/EC;
(d) the "sub-processor" means any processor engaged by the data importer or by any other sub-processor of the data importer who agrees to receive from the data importer or from any other sub-processor of the data importer personal data exclusively intended for processing activities to be carried out on behalf of the data exporter after the transfer in accordance with his instructions, the terms of the Clauses and the terms of the written subcontract;
(e) the "applicable data protection law" means the legislation protecting the fundamental rights and freedoms of individuals and, in particular, their right to privacy with respect to the processing of personal data applicable to a data controller in the Member State in which the data exporter is established; and
(f) "technical and organizational security measures" means those measures aimed at protecting personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure, or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing.
2. DETAILS OF THE TRANSFER
The details of the transfer and in particular the special categories of personal data where applicable are specified in Appendix 1 of this contract, which forms an integral part of the Clauses.
3. THIRD-PARTY BENEFICIARY CLAUSE
3.1 The data subject can enforce against the data exporter this Clause, Clause 4(b) to (i), Clause 5(a) to (e), and (g) to (j), Clause 6(1) and (2), Clause 7, Clause 8(2), and Clauses 9 to 12 as a third-party beneficiary.
3.2 The data subject can enforce against the data importer this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where the data exporter has factually disappeared or has ceased to exist in law unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law, as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity.
3.3 The data subject can enforce against the sub-processor this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity. Such third-party liability of the sub-processor shall be limited to its own processing operations under the Clauses.
3.4 The parties do not object to a data subject being represented by an association or other body if the data subject so expressly wishes and if permitted by national law.
4. OBLIGATIONS OF THE DATA EXPORTER
4.1 The data exporter agrees and warrants:
(a) that the processing, including the transfer itself, of the personal data, has been and will continue to be carried out in accordance with the relevant provisions of the applicable data protection law (and, where applicable, has been notified to the relevant authorities of the Member State where the data exporter is established) and does not violate the relevant provisions of that State;
(b) that it has instructed and throughout the duration of the personal data-processing services will instruct the data importer to process the personal data transferred only on the data exporter’s behalf and in accordance with the applicable data protection law and the Clauses;
(c) that the data importer will provide sufficient guarantees in respect of the technical and organizational security measures specified in Appendix 2 to this contract;
(d) that after assessment of the requirements of the applicable data protection law, the security measures are appropriate to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation;
(e) that it will ensure compliance with the security measures;
(f) that, if the transfer involves special categories of data, the data subject has been informed or will be informed before, or as soon as possible after, the transfer that its data could be transmitted to a third country not providing adequate protection within the meaning of EU Data Protection Laws 95/46/EC;
(g) to forward any notification received from the data importer or any sub-processor pursuant to Clause 5(b) and Clause 8(3) to the data protection supervisory authority if the data exporter decides to continue the transferor to lift the suspension;
(h) to make available to the data subjects upon request a copy of the Clauses, with the exception of Appendix 2, and a summary description of the security measures, as well as a copy of any contract for sub-processing services which has to be made in accordance with the Clauses, unless the Clauses or the contract contain commercial information, in which case it may remove such commercial information;
(i) that, in the event of sub-processing, the processing activity is carried out in accordance with Clause 11 by a sub-processor providing at least the same level of protection for the personal data and the rights of the data subject as the data importer under the Clauses; and
(j) that it will ensure compliance with Clause 4(a) to (i).
5. OBLIGATIONS OF THE DATA IMPORTER
5.1 The data importer agrees and warrants:
(a) to process the personal data only on behalf of the data exporter and in compliance with its instructions and the Clauses; if it cannot provide such compliance for whatever reasons, it agrees to inform promptly the data exporter of its inability to comply, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
(b) that it has no reason to believe that the legislation applicable to it prevents it from fulfilling the instructions received from the data exporter and its obligations under the contract and that in the event of a change in this legislation which is likely to have a substantial adverse effect on the warranties and obligations provided by the Clauses, it will promptly notify the change to the data exporter as soon as it is aware, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
(c) that it has implemented the technical and organizational security measures specified in Appendix 2 before processing the personal data transferred;
(d) that it will promptly notify the data exporter about:
(i) any legally binding request for disclosure of the personal data by a law enforcement authority unless otherwise prohibited, such as a prohibition under criminal law to preserve the confidentiality of a law enforcement investigation;
(ii) any accidental or unauthorized access; and
(iii) any request received directly from the data subjects without responding to that request unless it has been otherwise authorized to do so;
(e) to deal promptly and properly with all inquiries from the data exporter relating to its processing of the personal data subject to the transfer and to abide by the advice of the supervisory authority with regard to the processing of the data transferred;
(f) at the request of the data, exporter to submit its data-processing facilities for an audit of the processing activities covered by the Clauses which shall be carried out by the data exporter or an inspection body composed of independent members and in possession of the required professional qualifications bound by a duty of confidentiality, selected by the data exporter, where applicable, in agreement with the supervisory authority;
(g) to make available to the data subject upon request a copy of the Clauses, or any existing contract for sub-processing, unless the Clauses or contract contain commercial information, in which case it may remove such commercial information, with the exception of Appendix 2 which shall be replaced by a summary description of the security measures in those cases where the data subject is unable to obtain a copy from the data exporter;
(h) that, in the event of sub-processing, it has previously informed the data exporter and obtained its prior written consent;
(i) that the processing services by the sub-processor will be carried out in accordance with Clause 11;
(j) to send promptly a copy of any sub-processor agreement it concludes under the Clauses to the data exporter.
6. LIABILITY
6.1 The parties agree that any data subject, who has suffered damage as a result of any breach of the obligations referred to in Clause 3 or in Clause 11 by any party or sub-processor is entitled to receive compensation from the data exporter for the damage suffered.
6.2 If a data subject is not able to bring a claim for compensation in accordance with paragraph 1 against the data exporter, arising out of a breach by the data importer or his sub-processor of any of their obligations referred to in Clause 3 or in Clause 11, because the data exporter has factually disappeared or ceased to exist in law or has become insolvent, the data importer agrees that the data subject may issue a claim against the data importer as if it were the data exporter unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law, in which case the data subject can enforce its rights against such entity.
The data importer may not rely on a breach by a sub-processor of its obligations in order to avoid its own liabilities.
6.3 If a data subject is not able to bring a claim against the data exporter or the data importer referred to in paragraphs 1 and 2, arising out of a breach by the sub-processor of any of their obligations referred to in Clause 3 or in Clause 11 because both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, the sub-processor agrees that the data subject may issue a claim against the data sub-processor with regard to its own processing operations under the Clauses as if it were the data exporter or the data importer unless any successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law, in which case the data subject can enforce its rights against such entity. The liability of the sub-processor shall be limited to its own processing operations under the Clauses.
7. MEDIATION AND JURISDICTION
7.1 The data importer agrees that if the data subject invokes against it third-party beneficiary rights and/or claims compensation for damages under the Clauses, the data importer will accept the decision of the data subject:
(a) to refer the dispute to mediation, by an independent person or, where applicable, by the supervisory authority;
(b) to refer the dispute to the courts in the Member State in which the data exporter is established.
7.2 The parties agree that the choice made by the data subject will not prejudice its substantive or procedural rights to seek remedies in accordance with other provisions of national or international law.
8. COOPERATION WITH SUPERVISORY AUTHORITIES
8.1. The data exporter agrees to deposit a copy of this contract with the supervisory authority if it so requests or if such deposit is required under the applicable data protection law.
8.2. The parties agree that the supervisory authority has the right to conduct an audit of the data importer, and of any sub-processor, which has the same scope and is subject to the same conditions as would apply to an audit of the data exporter under the applicable data protection law.
8.3. The data importer shall promptly inform the data exporter about the existence of legislation applicable to it or any sub-processor preventing the conduct of an audit of the data importer, or any sub-processor, pursuant to paragraph 2. In such a case the data exporter shall be entitled to take the measures foreseen in Clause 5(b).
9. GOVERNING LAW
The Clauses shall be governed by the law of the Member State in which the data exporter is established. For clarification purposes, and given that the United Kingdom is no longer considered a Member State, it is understood that the law governing the Clauses is the one from the United Kingdom (including the Data Protection Act 2018).
10. VARIATION OF THE CONTRACT
The parties undertake not to vary or modify the Clauses. This does not preclude the parties from adding clauses on business-related issues where required as long as they do not contradict the Clause.
11. SUB-PROCESSING
11.1. The data importer shall not subcontract any of its processing operations performed on behalf of the data exporter under the Clauses without the prior written consent of the data exporter. Where the data importer subcontracts its obligations under the Clauses, with the consent of the data exporter, it shall do so only by way of a written agreement with the sub-processor which imposes the same obligations on the sub-processor as are imposed on the data importer under the Clauses (3). Where the sub-processor fails to fulfill its data protection obligations under such written agreement the data importer shall remain fully liable to the data exporter for the performance of the subprocessor's obligations under such agreement.
11.2. The prior written contract between the data importer and the sub-processor shall also provide for a third-party beneficiary clause as laid down in Clause 3 for cases where the data subject is not able to bring the claim for compensation referred to in paragraph 1 of Clause 6 against the data exporter or the data importer because they have factually disappeared or have ceased to exist in law or have become insolvent and no successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law. Such third-party liability of the sub-processor shall be limited to its own processing operations under the Clauses.
11.3. The provisions relating to data protection aspects for sub-processing of the contract referred to in paragraph 1 shall be governed by the law of the Member State in which the data exporter is established, namely …
11.4. The data exporter shall keep a list of sub-processing agreements concluded under the Clauses and notified by the data importer pursuant to Clause 5(j), which shall be updated at least once a year. The list shall be available to the data exporter’s data protection supervisory authority.
12. TERMINATION OF PERSONAL DATA-PROCESSING SERVICES
12.1. The parties agree that on the termination of the provision of data-processing services, the data importer and the sub-processor shall, at the choice of the data exporter, return all the personal data transferred and the copies thereof to the data exporter or shall destroy all the personal data and certify to the data exporter that it has done so unless legislation imposed upon the data importer prevents it from returning or destroying all or part of the personal data transferred. In that case, the data importer warrants that it will guarantee the confidentiality of the personal data transferred and will not actively process the personal data transferred anymore.
12.2. The data importer and the sub-processor warrant that upon request of the data exporter and/or of the supervisory authority, it will submit its data-processing facilities for an audit of the measures referred to in paragraph 1.
Appendix 1 to the Standard Contractual Clauses
This Appendix forms part of the Clauses and must be completed and signed by the parties. The Member States may complete or specify, according to their national procedures, any additional necessary information to be contained in this Appendix.
Data exporter
The data exporter is the person or entity subscribing to the services.
Data importer
HAPPYAGILITY (UK), a UK entity with a registered address at HAPPY AGILITY (UK) LTD, 13 FINEFILED WALK, SLOUGH, BERKSHIRE, UNITED KINGDOM, SL12QR.
Data subjects
The personal data transferred concerns the following categories of data subjects:
Respondents were selected by the data exporter.
Categories of data
The personal data transferred concerns the following categories of data:
• Identification details such as names and surnames, physical addresses, etc.
• Contact details such as emails, phone numbers, physical addresses, etc.
• Feedback such as satisfaction or issues with particular products and services, ideas for improvement of existing and introduction of new products and services, etc.
Special categories of data (if appropriate)
The personal data transferred concerns the following special categories of data:
● No special category data will be processed.
Processing operations
The personal data transferred will be subject to the following basic processing activities:
● Data collection, saving, organization, hosting, deletion. Making the data available to the data exporter following its requirements/petitions.
Appendix 2 to the Standard Contractual Clauses
This Appendix forms part of the Clauses and must be completed and signed by the parties.
Description of the technical and organizational security measures implemented by the data importer in accordance with Clauses 4(d) and 5(c):
Information Security Program (“ISP”)
The Company will maintain an ISP designed to (i) help secure personal data against accidental or unlawful loss, access, or disclosure; (ii) identify reasonably foreseeable and internal risks to security and unauthorized access; and (iii) minimize security risks, including through risk assessment and regular testing. The ISP will include the following measures:
Network Security
The Company will maintain access and transmission controls and policies to manage access to the network, including the use of authentication controls, firewalls or intrusion detection systems to ensure that only the authorized individual have access to the systems and data is transmitted without compromise to the correct recipients. The Company will maintain security incident response plans to handle potential security incidents.
Physical Security
Physical components are housed in facilities (“Facilities”) controlled by an ISO 27001 certified company (i.e. Amazon Web Services) or in Facilities that meet or exceed all of the following physical security requirements.
Physical Access Controls and Limited Access. Access to the Facilities is granted to those employees and contractors who have a legitimate business need for such access privileges. When an employee or contractor no longer has a business need for the access privileges assigned to him/her, the access privileges are promptly revoked.
Personal Data Security. Controls for the Protection of Personal Data.
The Company will maintain appropriate technical and organizational measures for protection of the security (including protection against unauthorized or unlawful processing and against accidental or unlawful destruction, loss or alteration or damage, unauthorized disclosure of, or access to, personal data), confidentiality and integrity of personal data appropriate to the risk, including inter alia as appropriate: (i) the pseudonymization and encryption of personal data; (ii) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services; (iii) the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident; (iv) a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing; and (v) the principles of privacy by design and by default to ensure that processes and systems are designed such that the collection and processing of data are limited to what is necessary for the identified purpose. Such principles comprise for personal data the limit of collection, processing, accuracy and quality, minimization of objectives, de-identification, deletion & disposal at the end of processing, proper management of temporary files, retention periods & processing transmission controls. The Company regularly monitors compliance with these measures, and will not materially decrease the overall security of the data processing services during the term of the Services.
Temporary files: Temporary files training & awareness will be included in the Company's training & awareness program for employees.
Business Continuity and Disaster Recovery
The Company will maintain business continuity and disaster recovery plan based on risk. Recovery plans are tested at least annually.
Employee security
The Company will have signed confidentiality agreements with the employees and contractors. Also, all employees and contractors will have a common way to report incidents approved by the organization and they will undergo at least an annual security awareness training.
Ongoing Evaluation
The Company must reassess and update its security policies on a periodic basis. Changes must be documented.
Subprocessors
Subprocessors shall implement the same security measures as described in this Annex II.
Happyagility | Data Processing Agreement | Based elsewhere
This policy was last updated on September 1, 2021.
This Data Processing Agreement entered into between you and Happyagility (the “Company”, “we”, or “us”) regulates the particularities of data processing in connection with your use of both the platform accessible through the www.happyagility.com domain name (the “Site”) and the services we may offer through the Site from time to time, consisting in forms and other services (indistinctly referred to as the “Services”). If you are also subject to the CCPA, please check our 'CCPA Notice' here to learn which specific provisions apply to you.
1. Introduction
The processing of personal data as a result of the provision of the Services shall be subject to the provisions included in the Standard Contractual Clauses ("SCCs") indicated below, which list the obligations to which we are subject in accordance with the General Data Protection Regulation (Regulation 679/2016, “GDPR”), subject to the clarifications below:
• Should you or the processing of data you are carrying out be subject to the GDPR, sections 8.1, 8.2, 8.4, 8.5, 8.6, 8.7, 8.9, 9.(a), 9.(b) and 9.(d) of the SCCs shall apply to us as a way to provide for the mandatory contents set forth by Article 28 of the GDPR, subject to the clarifications included in the bullets below. Additionally, we will be informing you in the event that any instruction you deliver to us contradicts the GDPR or a privacy law approved by an EU Member State.
If you (or the data processing you are contemplating) are not subject to the GDPR, we will fully apply the SCCs as a way to ensure strengthened security measures to protect data. In this regard, you, as our customer, shall be considered the ‘data controller’ or the ‘data exporter’ and we, as the entity that collects and processes data on your behalf, the ‘data processor’ or the ‘data importer’ —as these terms are further defined under the SCCs and in the GDPR;
• For purposes of Section 8.1 of the SCCs, you agree that you shall, in the event that the instructions are given verbally, confirm them in writing (email suffices). You further convene that any requests placed through the Services (i.e. by using the interface part of the software provided with the Services and the features made available through it) shall be considered an ‘instruction’ for purposes of this Section 8.1;
• You are advised that deletion of Account shall always result in deletion of personal data, and its request to delete the Account shall be understood as a request to delete data under Section 8.5 and 16 of the SCCs;
• Company shall be entitled to charge you with a reasonable fee covering the administrative costs and expenses actually faced by us for the performance of its collaboration duties under Section 8.6.(d) of the SCCs;
• You agree that the obligation to provide information demonstrating compliance with Section 8.9 of the SCCs may be satisfied by Company making available to you copies of the audit reports and/or certifications undergone by the Company, such as ISO27001 or SOC2 certificates. In the event that these documents do not reasonably address your concerns, you agree that you may only conduct up to one (1) audit per year, except that there are reasonable grounds to believe that Company is not performing the obligations laid down in this document. Audits shall only be carried out during normal business hours, and you shall bear all costs except that Company is found to be in a material breach of this document;
• Subject to the obligations set forth in the SCCs, you hereby irrevocably designate and appoint Company as your agent and attorney-in-fact, which appointment is coupled with an interest, to act on its behalf to execute any agreements with subprocessors that are engaged by Company following the provisions of the SCCs, and to do all other lawfully permitted acts to further such purposes with the same legal force and effect as if executed by you; and
• This Data Processing Agreements forms part of the STC entered into between you and us and, subject to its section 14, is incorporated herein by reference.
2. Standard Contractual Clauses (SCCs)
SECTION I
Clause 1
Purpose and scope
(a) The purpose of these standard contractual clauses is to ensure compliance with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) for the transfer of personal data to a third country.
(b) The Parties:
(i) the natural or legal person(s), public authority/ies, agency/ies or other body/ies (hereinafter ‘entity/ies’) transferring the personal data, as listed in Annex I.A (hereinafter each ‘data exporter’), and
(ii) the entity/ies in a third country receiving the personal data from the data exporter, directly or indirectly via another entity also Party to these Clauses, as listed in Annex I.A (hereinafter each ‘data importer’) have agreed to these standard contractual clauses (hereinafter: ‘Clauses’).
(c) These Clauses apply with respect to the transfer of personal data as specified in Annex I.B.
(d) The Appendix to these Clauses containing the Annexes referred to therein forms an integral part of these Clauses.
Clause 2
Effect and invariability of the Clauses
(a) These Clauses set out appropriate safeguards, including enforceable data subject rights and effective legal remedies, pursuant to Article 46(1) and Article 46(2)(c) of Regulation (EU) 2016/679 and, with respect to data transfers from controllers to processors and/or processors to processors, standard contractual clauses pursuant to Article 28(7) of Regulation (EU) 2016/679, provided they are not modified, except to select the appropriate Module(s) or to add or update information in the Appendix. This does not prevent the Parties from including the standard contractual clauses laid down in these Clauses in a wider contract and/or to add other clauses or additional safeguards, provided that they do not contradict, directly or indirectly, these Clauses or prejudice the fundamental rights or freedoms of data subjects.
(b) These Clauses are without prejudice to obligations to which the data exporter is subject by virtue of Regulation (EU) 2016/679.
Clause 3
Third-party beneficiaries
(a) Data subjects may invoke and enforce these Clauses, as third-party beneficiaries, against the data exporter and/or data importer, with the following exceptions:
(i) Clause 1, Clause 2, Clause 3, Clause 6, Clause 7.
(ii) Clause 8 – Clause 8.1(b), 8.9(a), (c), (d) and (e);
(iii) Clause 9 – Clause 9(a), (c), (d) and (e);
(iv) Clause 12 –Clause 12(a), (d) and (f);
(v) Clause 13;
(vi) Clause 15.1(c), (d) and (e);
(vii) Clause 16(e);
(viii) Clause 18 – Clause 18(a) and (b);.
(b) Paragraph (a) is without prejudice to the rights of data subjects under Regulation (EU) 2016/679.
Clause 4
Interpretation
(a) Where these Clauses use terms that are defined in Regulation (EU) 2016/679, those terms shall have the same meaning as in that Regulation.
(b) These Clauses shall be read and interpreted in the light of the provisions of Regulation (EU) 2016/679.
(c) These Clauses shall not be interpreted in a way that conflicts with rights and obligations provided for in Regulation (EU) 2016/679.
Clause 5
Hierarchy
In the event of a contradiction between these Clauses and the provisions of related agreements between the Parties, existing at the time these Clauses are agreed or entered into thereafter, these Clauses shall prevail.
Clause 6
Description of the transfer(s)
The details of the transfer(s), and in particular the categories of personal data that are transferred and the purpose(s) for which they are transferred, are specified in Annex I.B.
Clause 7
Docking clause
(a) An entity that is not a Party to these Clauses may, with the agreement of the Parties, accede to these Clauses at any time, either as a data exporter or as a data importer, by completing the Appendix and signing Annex I.A.
(b) Once it has completed the Appendix and signed Annex I.A, the acceding entity shall become a Party to these Clauses and have the rights and obligations of a data exporter or data importer in accordance with its designation in Annex I.A.
(c) The acceding entity shall have no rights or obligations arising under these Clauses from the period prior to becoming a Party.
SECTION II – OBLIGATIONS OF THE PARTIES
Clause 8
Data protection safeguards
The data exporter warrants that it has used reasonable efforts to determine that the data importer is able, through the implementation of appropriate technical and organizational measures, to satisfy its obligations under these Clauses.
8.1 Instructions
(a) The data importer shall process the personal data only on documented instructions from the data exporter. The data exporter may give such instructions throughout the duration of the contract.
(b) The data importer shall immediately inform the data exporter if it is unable to follow those instructions.
8.2 Purpose limitation
The data importer shall process the personal data only for the specific purpose(s) of the transfer, as set out in Annex I.B, unless on further instructions from the data exporter.
8.3 Transparency
On request, the data exporter shall make a copy of these Clauses, including the Appendix as completed by the Parties, available to the data subject free of charge. To the extent necessary to protect business secrets or other confidential information, including the measures described in Annex II and personal data, the data exporter may redact part of the text of the Appendix to these Clauses prior to sharing a copy but shall provide a meaningful summary where the data subject would otherwise not be able to understand its content or exercise his/her rights. On request, the Parties shall provide the data subject with the reasons for the redactions, to the extent possible without revealing the redacted information. This Clause is without prejudice to the obligations of the data exporter under Articles 13 and 14 of Regulation (EU) 2016/679.
8.4 Accuracy
If the data importer becomes aware that the personal data it has received is inaccurate, or has become outdated, it shall inform the data exporter without undue delay. In this case, the data importer shall cooperate with the data exporter to erase or rectify the data.
8.5 Duration of processing and erasure or return of data
Processing by the data importer shall only take place for the duration specified in Annex I.B. After the end of the provision of the processing services, the data importer shall, at the choice of the data exporter, delete all personal data processed on behalf of the data exporter and certify to the data exporter that it has done so, or return to the data exporter all personal data processed on its behalf and delete existing copies. Until the data is deleted or returned, the data importer shall continue to ensure compliance with these Clauses. In case of local laws applicable to the data importer that prohibit return or deletion of personal data, the data importer warrants that it will continue to ensure compliance with these Clauses and will only process it to the extent and for as long as required under that local law. This is without prejudice to Clause 14, in particular, the requirement for the data importer under Clause 14(e) to notify the data exporter throughout the duration of the contract if it has reason to believe that it is or has become subject to laws or practices not in line with the requirements under Clause 14(a).
8.6 Security of processing
(a) The data importer and, during transmission, also the data exporter shall implement appropriate technical and organizational measures to ensure the security of the data, including protection against a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access to that data (hereinafter ‘personal data breach’). In assessing the appropriate level of security, the Parties shall take due to account the state of the art, the costs of implementation, the nature, scope, context, and purpose(s) of processing, and the risks involved in the processing for the data subjects. The Parties shall in particular consider having recourse to encryption or pseudonymization, including during transmission, where the purpose of processing can be fulfilled in that manner. In the case of pseudonymization, the additional information for attributing the personal data to a specific data subject shall, where possible, remain under the exclusive control of the data exporter. In complying with its obligations under this paragraph, the data importer shall at least implement the technical and organizational measures specified in Annex II. The data importer shall carry out regular checks to ensure that these measures continue to provide an appropriate level of security.
(b) The data importer shall grant access to the personal data to members of its personnel only to the extent strictly necessary for the implementation, management, and monitoring of the contract. It shall ensure that persons authorized to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
(c) In the event of a personal data breach concerning personal data processed by the data importer under these Clauses, the data importer shall take appropriate measures to address the breach, including measures to mitigate its adverse effects. The data importer shall also notify the data exporter without undue delay after having become aware of the breach. Such notification shall contain the details of a contact point where more information can be obtained, a description of the nature of the breach (including, where possible, categories and an approximate number of data subjects and personal data records concerned), its likely consequences, and the measures taken or proposed to address the breach including, where appropriate, measures to mitigate its possible adverse effects. Where, and in so far as, it is not possible to provide all information at the same time, the initial notification shall contain the information then available and further information shall, as it becomes available, subsequently be provided without undue delay.
(d) The data importer shall cooperate with and assist the data exporter to enable the data exporter to comply with its obligations under Regulation (EU) 2016/679, in particular, to notify the competent supervisory authority and the affected data subjects, taking into account the nature of processing and the information available to the data importer.
8.7 Sensitive data
Where the transfer involves personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, or biometric data for the purpose of uniquely identifying a natural person, data concerning health or a person’s sex life or sexual orientation, or data relating to criminal convictions and offenses (hereinafter ‘sensitive data’), the data importer shall apply the specific restrictions and/or additional safeguards described in Annex I.B.
8.8 Onward transfers
The data importer shall only disclose the personal data to a third party on documented instructions from the data exporter. In addition, the data may only be disclosed to a third party located outside the European Union (in the same country as the data importer or in another third country, hereinafter ‘onward transfer’) if the third party is or agrees to be bound by these Clauses, under the appropriate Module, or if:
(i) the onward transfer is to a country benefitting from an adequacy decision pursuant to Article 45 of Regulation (EU) 2016/679 that covers the onward transfer;
(ii) the third party otherwise ensures appropriate safeguards pursuant to Articles 46 or 47 Regulation of (EU) 2016/679 with respect to the processing in question;
(iii) the onward transfer is necessary for the establishment, exercise, or defense of legal claims in the context of specific administrative, regulatory or judicial proceedings; or
(iv) the onward transfer is necessary in order to protect the vital interests of the data subject or of another natural person.
Any onward transfer is subject to compliance by the data importer with all the other safeguards under these Clauses, in particular purpose limitation.
8.9 Documentation and compliance
(a) The data importer shall promptly and adequately deal with inquiries from the data exporter that relate to the processing under these Clauses.
(b) The Parties shall be able to demonstrate compliance with these Clauses. In particular, the data importer shall keep appropriate documentation on the processing activities carried out on behalf of the data exporter.
(c) The data importer shall make available to the data exporter all information necessary to demonstrate compliance with the obligations set out in these Clauses and at the data exporter’s request, allow for and contribute to audits of the processing activities covered by these Clauses, at reasonable intervals or if there are indications of noncompliance. In deciding on a review or audit, the data exporter may take into account relevant certifications held by the data importer.
(d) The data exporter may choose to conduct the audit by itself or mandate an independent auditor. Audits may include inspections at the premises or physical facilities of the data importer and shall, where appropriate, be carried out with reasonable notice.
(e) The Parties shall make the information referred to in paragraphs (b) and (c), including the results of any audits, available to the competent supervisory authority on request.
Clause 9
Use of sub-processors
(a) The data importer has the data exporter’s general authorization for the engagement of sub-processor(s) from an agreed list. The data importer shall specifically inform the data exporter in writing of any intended changes to that list through the addition or replacement of sub-processors at least 15 days in advance, thereby giving the data exporter sufficient time to be able to object to such changes prior to the engagement of the sub-processor(s). The data importer shall provide the data exporter with the information necessary to enable the data exporter to exercise its right to object.
(b) Where the data importer engages a sub-processor to carry out specific processing activities (on behalf of the data exporter), it shall do so by way of a written contract that provides for, in substance, the same data protection obligations as those binding the data importer under these Clauses, including in terms of third-party beneficiary rights for data subjects. The Parties agree that, by complying with this Clause, the data importer fulfills its obligations under Clause 8.8. The data importer shall ensure that the sub-processor complies with the obligations to which the data importer is subject pursuant to these Clauses.
(c) The data importer shall provide, at the data exporter’s request, a copy of such a sub-processor agreement and any subsequent amendments to the data exporter. To the extent necessary to protect business secrets or other confidential information, including personal data, the data importer may redact the text of the agreement prior to sharing a copy.
(d) The data importer shall remain fully responsible to the data exporter for the performance of the subprocessor's obligations under its contract with the data importer. The data importer shall notify the data exporter of any failure by the sub-processor to fulfill its obligations under that contract.
(e) The data importer shall agree on a third-party beneficiary clause with the sub-processor whereby – in the event, the data importer has factually disappeared, ceased to exist in law, or has become insolvent – the data exporter shall have the right to terminate the sub-processor contract and to instruct the sub-processor to erase or return the personal data.
Clause 10
Data subject rights
a) The data importer shall promptly notify the data exporter of any request it has received from a data subject. It shall not respond to that request itself unless it has been authorized to do so by the data exporter.
(b) The data importer shall assist the data exporter in fulfilling its obligations to respond to data subjects’ requests for the exercise of their rights under Regulation (EU) 2016/679. In this regard, the Parties shall set out in Annex II the appropriate technical and organizational measures, taking into account the nature of the processing, by which the assistance shall be provided, as well as the scope and the extent of the assistance required.
(c) In fulfilling its obligations under paragraphs (a) and (b), the data importer shall comply with the instructions from the data exporter.
Clause 11
Redress
(a) The data importer shall inform data subjects in a transparent and easily accessible format, through individual notice or on its website, of a contact point authorized to handle complaints. It shall deal promptly with any complaints it receives from a data subject.
(b) In case of a dispute between a data subject and one of the Parties as regards compliance with these Clauses, that Party shall use its best efforts to resolve the issue amicably in a timely fashion. The Parties shall keep each other informed about such disputes and, where appropriate, cooperate in resolving them.
(c) Where the data subject invokes a third-party beneficiary right pursuant to Clause 3, the data importer shall accept the decision of the data subject to (i) lodge a complaint with the supervisory authority in the Member State of his/her habitual residence or place of work, or the competent supervisory authority pursuant to Clause 13; (ii) refer the dispute to the competent courts within the meaning of Clause 18.
(d) The Parties accept that the data subject may be represented by a not-for-profit body, organization, or association under the conditions set out in Article 80(1) of Regulation (EU) 2016/679.
(e) The data importer shall abide by a decision that is binding under the applicable EU or Member State law.
(f) The data importer agrees that the choice made by the data subject will not prejudice his/her substantive and procedural rights to seek remedies in accordance with applicable laws.
Clause 12
Liability
(a) Each Party shall be liable to the other Party/ies for any damages it causes the other Party/ies by any breach of these Clauses.
(b) The data importer shall be liable to the data subject, and the data subject shall be entitled to receive compensation, for any material or non-material damages the data importer or its sub-processor causes the data subject by breaching the third-party beneficiary rights under these Clauses.
(c) Notwithstanding paragraph (b), the data exporter shall be liable to the data subject, and the data subject shall be entitled to receive compensation, for any material or non-material damages the data exporter or the data importer (or its subprocessor) causes the data subject by breaching the third-party beneficiary rights under these Clauses. This is without prejudice to the liability of the data exporter and, where the data exporter is a processor acting on behalf of a controller, to the liability of the controller under Regulation (EU) 2016/679 of Regulation (EU) 2018/1725, as applicable.
(d) The Parties agree that if the data exporter is held liable under paragraph (c) for damages caused by the data importer (or its sub-processors), it shall be entitled to claim back from the data importer that part of the compensation corresponding to the data importer’s responsibility for the damage.
(e) Where more than one party is responsible for any damage caused to the data subject as a result of a breach of these Clauses, all responsible Parties shall be jointly and severally liable and the data subject is entitled to bring an action in court against any of these Parties.
(f) The Parties agree that if one party is held liable under paragraph (e), it shall be entitled to claim back from the other Party/ies that part of the compensation corresponding to its/their responsibility for the damage.
(g) The data importer may not invoke the conduct of a sub-processor to avoid its own liability.
Clause 13
Supervision
(a) Where the data exporter is established in an EU Member State: The supervisory authority with responsibility for ensuring compliance by the data exporter with Regulation (EU) 2016/679 as regards the data transfer, as indicated in Annex I.C, shall act as a competent supervisory authority. Where the data exporter is not established in an EU Member State, but falls within the territorial scope of application of Regulation (EU) 2016/679 in accordance with its Article 3(2) and has appointed a representative pursuant to Article 27(1) of Regulation (EU) 2016/679: The supervisory authority of the Member State in which the representative within the meaning of Article 27(1) of Regulation (EU) 2016/679 is established, as indicated in Annex I.C, shall act as a competent supervisory authority. Where the data exporter is not established in an EU Member State but falls within the territorial scope of application of Regulation (EU) 2016/679 in accordance with its Article 3(2) without however having to appoint a representative pursuant to Article 27(2) of Regulation (EU) 2016/679: The supervisory authority of one of the Member States in which the data subjects whose personal data is transferred under these Clauses in relation to the offering of goods or services to them, or whose behavior is monitored, are located, as indicated in Annex I.C, shall act as a competent supervisory authority. (b) The data importer agrees to submit itself to the jurisdiction of and cooperate with the competent supervisory authority in any procedures aimed at ensuring compliance with these Clauses. In particular, the data importer agrees to respond to inquiries, submit to audits and comply with the measures adopted by the supervisory authority, including remedial and compensatory measures. It shall provide the supervisory authority with written confirmation that the necessary actions have been taken.
SECTION III – LOCAL LAWS AND OBLIGATIONS IN CASE OF ACCESS BY PUBLIC AUTHORITIES
Clause 14
Local laws and practices affecting compliance with the Clauses
(a) The Parties warrant that they have no reason to believe that the laws and practices in the third country of destination are applicable to the processing of the personal data by the data importer, including any requirements to disclose personal data or measures authorizing access by public authorities, prevent the data importer from fulfilling its obligations under these Clauses. This is based on the understanding that laws and practices that respect the essence of the fundamental rights and freedoms and do not exceed what is necessary and proportionate in a democratic society to safeguard one of the objectives listed in Article 23(1) of Regulation (EU) 2016/679, are not in contradiction with these Clauses. (b) The Parties declare that in providing the warranty in paragraph (a), they have taken due account in particular of the following elements: (i) the specific circumstances of the transfer, including the length of the processing chain, the number of actors involved and the transmission channels used; intended onward transfers; the type of recipient; the purpose of processing; the categories and format of the transferred personal data; the economic sector in which the transfer occurs; the storage location of the data transferred; (ii) the laws and practices of the third country of destination– including those requiring the disclosure of data to public authorities or authorising access by such authorities – relevant in light of the specific circumstances of the transfer, and the applicable limitations and safeguards; (iii) any relevant contractual, technical or organisational safeguards put in place to supplement the safeguards under these Clauses, including measures applied during transmission and to the processing of the personal data in the country of destination.
(c) The data importer warrants that, in carrying out the assessment under paragraph (b), it has made its best efforts to provide the data exporter with relevant information and agrees that it will continue to cooperate with the data exporter in ensuring compliance with these Clauses.
(d) The Parties agree to document the assessment under paragraph (b) and make it available to the competent supervisory authority on request.
(e) The data importer agrees to notify the data exporter promptly if, after having agreed to these Clauses and for the duration of the contract, it has reason to believe that it is or has become subject to laws or practices not in line with the requirements under paragraph (a), including following a change in the laws of the third country or a measure (such as a disclosure request) indicating an application of such laws in practice that is not in line with the requirements in paragraph (a).
(f) Following a notification pursuant to paragraph (e), or if the data exporter otherwise has reason to believe that the data importer can no longer fulfill its obligations under these Clauses, the data exporter shall promptly identify appropriate measures (e.g. technical or organizational measures to ensure security and confidentiality) to be adopted by the data exporter and/or data importer to address the situation. The data exporter shall suspend the data transfer if it considers that no appropriate safeguards for such transfer can be ensured, or if instructed by the competent supervisory authority to do so. In this case, the data exporter shall be entitled to terminate the contract, insofar as it concerns the processing of personal data under these Clauses. If the contract involves more than two Parties, the data exporter may exercise this right to termination only with respect to the relevant Party, unless the Parties have agreed otherwise. Where the contract is terminated pursuant to this Clause, Clause 16(d) and (e) shall apply.
Clause 15
Obligations of the data importer in case of access by public authorities.
15.1 Notification
(a) The data importer agrees to notify the data exporter and, where possible, the data subject promptly (if necessary with the help of the data exporter) if it: (i) receives a legally binding request from a public authority, including judicial authorities, under the laws of the country of destination for the disclosure of personal data transferred pursuant to these Clauses; such notification shall include information about the personal data requested, the requesting authority, the legal basis for the request and the response provided; or (ii) becomes aware of any direct access by public authorities to personal data transferred pursuant to these Clauses in accordance with the laws of the country of destination; such notification shall include all information available to the importer.
(b) If the data importer is prohibited from notifying the data exporter and/or the data subject under the laws of the country of destination, the data importer agrees to use its best efforts to obtain a waiver of the prohibition, with a view to communicating as much information as possible, as soon as possible. The data importer agrees to document its best efforts in order to be able to demonstrate them at the request of the data exporter.
(c) Where permissible under the laws of the country of destination, the data importer agrees to provide the data exporter, at regular intervals for the duration of the contract, with as much relevant information as possible on the requests received (in particular, number of requests, type of data requested, requesting authority/ies, whether requests have been challenged and the outcome of such challenges, etc.).
(d) The data importer agrees to preserve the information pursuant to paragraphs (a) to (c) for the duration of the contract and make it available to the competent supervisory authority on request. (e) Paragraphs (a) to (c) are without prejudice to the obligation of the data importer pursuant to Clause 14(e) and Clause 16 to inform the data exporter promptly where it is unable to comply with these Clauses.
15.2 Review of legality and data minimization
(a) The data importer agrees to review the legality of the request for disclosure, in particular, whether it remains within the powers granted to the requesting public authority, and to challenge the request if, after careful assessment, it concludes that there are reasonable grounds to consider that the request is unlawful under the laws of the country of destination, applicable obligations under international law and principles of international comity. The data importer shall, under the same conditions, pursue possibilities of appeal. When challenging a request, the data importer shall seek interim measures with a view to suspending the effects of the request until the competent judicial authority has decided on its merits. It shall not disclose the personal data requested until required to do so under the applicable procedural rules. These requirements are without prejudice to the obligations of the data importer under Clause 14(e).
(b) The data importer agrees to document its legal assessment and any challenge to the request for disclosure and, to the extent permissible under the laws of the country of destination, make the documentation available to the data exporter. It shall also make it available to the competent supervisory authority on request.
(c) The data importer agrees to provide the minimum amount of information permissible when responding to a request for disclosure, based on a reasonable interpretation of the request.
SECTION IV – FINAL PROVISIONS
Clause 16
Non-compliance with the Clauses and termination
(a) The data importer shall promptly inform the data exporter if it is unable to comply with these Clauses, for whatever reason.
(b) In the event that the data importer is in breach of these Clauses or unable to comply with these Clauses, the data exporter shall suspend the transfer of personal data to the data importer until compliance is again ensured or the contract is terminated. This is without prejudice to Clause 14(f).
(c) The data exporter shall be entitled to terminate the contract, insofar as it concerns the processing of personal data under these Clauses, where: (i) the data exporter has suspended the transfer of personal data to the data importer pursuant to paragraph (b) and compliance with these Clauses is not restored within a reasonable time and in any event within one month of suspension; (ii) the data importer is in substantial or persistent breach of these Clauses; or (iii) the data importer fails to comply with a binding decision of a competent court or supervisory authority regarding its obligations under these Clauses. In these cases, it shall inform the competent supervisory authority of such noncompliance. Where the contract involves more than two Parties, the data exporter may exercise this right to termination only with respect to the relevant Party, unless the Parties have agreed otherwise.
(d) Personal data that has been transferred prior to the termination of the contract pursuant to paragraph (c) shall at the choice of the data exporter immediately be returned to the data exporter or deleted in its entirety. The same shall apply to any copies of the data. The data importer shall certify the deletion of the data to the data exporter. Until the data is deleted or returned, the data importer shall continue to ensure compliance with these Clauses. In case of local laws applicable to the data importer that prohibit the return or deletion of the transferred personal data, the data importer warrants that it will continue to ensure compliance with these Clauses and will only process the data to the extent and for as long as required under that local law.
(e) Either Party may revoke its agreement to be bound by these Clauses where (i) the European Commission adopts a decision pursuant to Article 45(3) of Regulation (EU) 2016/679 that covers the transfer of personal data to which these Clauses apply; or (ii) Regulation (EU) 2016/679 becomes part of the legal framework of the country to which the personal data is transferred. This is without prejudice to other obligations applying to the processing in question under Regulation (EU) 2016/679.
Clause 17
Governing law
These Clauses shall be governed by the law of the EU Member State in which the data exporter is established. Where such law does not allow for third-party beneficiary rights, they shall be governed by the law of another EU Member State that does allow for third-party beneficiary rights. The Parties agree that this shall be the law of the Kingdom of Spain.
Clause 18
Choice of forum and jurisdiction
(a) Any dispute arising from these Clauses shall be resolved by the courts of an EU Member State. (b) The Parties agree that those shall be the courts of the Kingdom of Spain. (c) A data subject may also bring legal proceedings against the data exporter and/or data importer before the courts of the Member State in which he/she has his/her habitual residence. (d) The Parties agree to submit themselves to the jurisdiction of such courts.
ANNEX I
A. LIST OF PARTIES
Data exporter(s): You, as identified when creating an account with HAPPYAGILITY.
Data importer(s): HAPPY AGILITY (UK) LTD, 13 FINEFILED WALK, SLOUGH, BERKSHIRE, UNITED KINGDOM, SL12QR.
B. DESCRIPTION OF TRANSFER
Categories of data subjects whose personal data is transferred – Any kind of data subject categories.
Categories of personal data transferred – Any kind of personal data category.
Sensitive data transferred (if applicable) and applied restrictions or safeguards that fully take into consideration the nature of the data and the risks involved, such as for instance strict purpose limitations, access restrictions (including access only for staff having followed specialized training), keeping a record of access to the data, restrictions for onward transfers or additional security measures – sensitive information may be processed, and subject to the security measures described in Annex II.
The frequency of the transfer (e.g. whether the data is transferred on a one-off or continuous basis) – Continuous basis. Nature of the processing – data collection, saving, organization, hosting, deletion. Making the data available to the data exporter following its requirements/petitions.
Purpose(s) of the data transfer and further processing –Provision of customer service services, as further detailed in the STC.
The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period: data will be retained for as long as the data exporter requires the services. For transfers to (sub-) processors, also specify the subject matter, nature, and duration of the processing – same as above.
C. COMPETENT SUPERVISORY AUTHORITY – the one in the country in which the data exporter is located. In case the data exporter is not subject to the EU privacy laws, the Spanish Data Protection Agency.
ANNEX II
TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA
Information Security Program (“ISP”)
HAPPYAGILITY will maintain an ISP designed to (i) help secure personal data against accidental or unlawful loss, access, or disclosure; (ii) identify reasonably foreseeable and internal risks to security and unauthorized access; and (iii) minimize security risks, including through risk assessment and regular testing. The ISP will include the following measures:
Network Security
HAPPYAGILITY will maintain access and transmission controls and policies to manage access to the network, including the use of authentication controls, firewalls, or intrusion detection systems to ensure that only the authorized individual has access to the systems and data is transmitted without compromise to the correct recipients. TYPEFORM will maintain security incident response plans to handle potential security incidents.
Physical Security
Physical components are housed in facilities (“Facilities”) controlled by an ISO 27001 certified company (i.e. Amazon Web Services) or in Facilities that meet or exceed all of the following physical security requirements.
Physical Access Controls and Limited Access. Access to the Facilities is granted to those employees and contractors who have a legitimate business need for such access privileges. When an employee or contractor no longer has a business need for the access privileges assigned to him/her, the access privileges are promptly revoked.
Personal Data Security. Controls for the Protection of Personal Data.
HAPPYAGILITY will maintain appropriate technical and organizational measures for protection of the security (including protection against unauthorized or unlawful processing and against accidental or unlawful destruction, loss or alteration or damage, unauthorized disclosure of, or access to, personal data), confidentiality and integrity of personal data appropriate to the risk, including inter alia as appropriate: (i) the pseudonymization and encryption of personal data; (ii) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services; (iii) the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident; (iv) a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing; and (v) the principles of privacy by design and by default to ensure that processes and systems are designed such that the collection and processing of data are limited to what is necessary for the identified purpose. Such principles comprise for personal data the limit of collection, processing, accuracy and quality, minimization of objectives, de-identification, deletion & disposal at the end of processing, proper management of temporary files, retention periods & processing transmission controls. HAPPYAGILITY regularly monitors compliance with these measures, and will not materially decrease the overall security of the data processing services during the term of the Services.
Temporary files: Temporary files training & awareness will be included in HAPPYAGILITY training & awareness program for employees.
Business Continuity and Disaster Recovery
HAPPYAGILITY will maintain business continuity and disaster recovery plan based on risk. Recovery plans are tested at least annually.
Employee security
HAPPYAGILITY will have signed confidentiality agreements with the employees and contractors. Also, all employees and contractors will have a common way to report incidents approved by the organization and they will undergo at least an annual security awareness training.
Ongoing Evaluation
HAPPYAGILITY must reassess and update its security policies on a periodic basis. Changes must be documented.
Subprocessors
Subprocessors shall implement the same security measures as described in this Annex II.
ANNEX III
LIST OF SUB-PROCESSORS
The company shall be entitled to seek the assistance of its affiliates HAPPYAGILITY , conducting business in the US and having a registered address at HAPPY AGILITY (UK) LTD, 13 FINEFILED WALK, SLOUGH, BERKSHIRE, UNITED KINGDOM, SL12QR.. These companies are providing engineering and customer success support services.
Happyagility | CCPA Notice
Effective Date: January 1, 2021.
These Additional California Privacy Disclosures (the “CA Disclosures”) supplement the information contained in our Privacy Policy and apply solely to individual residents of the State of California (“consumers” or “you”).
These CA Disclosures provide additional information about how we collect, use, disclose and otherwise process personal information of individual residents of the State of California, either online or offline, within the scope of the California Consumer Privacy Act of 2018 (“CCPA”). Unless otherwise expressly stated, all terms in these CA Disclosures have the same meaning as defined in our Privacy Policy or as otherwise defined in the CCPA.
Personal Information Disclosures
When we use the term “personal information” in these CA Disclosures, we mean information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.
For the purposes of these CA Disclosures, personal information does not include:
• Publicly available information from government records.
• Deidentified, aggregated, or anonymized data (not capable of being associated with or linked to you).
• Information relating to our job applicants, employees, contractors, and other personnel of Happyagility, which is not governed by these CA Disclosures.
• Certain information that we process solely on behalf of our business customers as a “service provider,” which includes information relating to respondents that fill out forms sent to them by our customers – please refer to CCPA Notice - Happyagility as a Service Provider section here.
• Information excluded from the CCPA's scope, such as (i) Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data; (ii) Information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver's Privacy Protection Act of 1994.
Collection and Use of Personal Information
We collect various categories of personal information in connection with our services. Please review our Privacy Policy to learn more about the personal information we collect.
In the last 12 months we have collected the following categories of personal information:
• Identifiers, such as name, address, email address, account information, or other similar identifiers. These are collected directly from you, our business partners and affiliates, your browser or device, and third parties you direct to share information with us.
• California Customer Records (Cal. Civ. Code § 1798.80(e)), such as financial information. These are collected directly from you, our business partners and affiliates, and third parties you direct to share information with us.
• Commercial Information, such as information about products or services purchased or considered and your use of our services. These are collected directly from you, and third parties you direct to share information with us.
• Internet/Network Information, such as log data and analytics data (including your usage and activity on our website). These are collected from your browser or device.
• Geolocation Data, such as your general geographic location based on the log data. These are collected from your browser or device.
• Sensory Information, such as audio recordings of phone calls you have with us or photographs and video footage you choose to provide or we otherwise record as permitted by law. These are collected directly from you.
• Professional/Employment Information, such as current occupation, job title, company/employer, industry, and employment history. These are collected directly from you and third parties you direct to share information with us.
• Other Personal Information, such as messages or requests you provide to us directly or through a third-party service, such as social media. These are collected directly from you, our business partners and affiliates, and third parties you direct to share information with us.
• Inferences, including information generated from your use of our websites reflecting your preferences. These are collected from your browser device, and form information generated or derived from the personal information described above.
The business purpose for the information collected as above is as follows:
(i) To provide you with and manage access to our products and services, audit the transactions in our platform and manage the relationship with our users;
(ii) To communicate with you, including via email, push notification, and/or social media;
(iii) To operate, evaluate, secure and improve our business;
(iv) To enhance our products and services;
(v) To recognize you and remember your information when you return to our website and services;
(vi) To develop and carry out marketing campaigns and activities;
(vii) For debugging existing intended functionality;
(viii) For testing, training, research, analysis, and product development, including to develop and improve our products and services;
(ix) To detect and protect against security events;
(x) To defend, protect or enforce our rights or applicable terms of service;
(xi) To comply with the legal process and our legal obligations; and
(xii) As otherwise provided in our agreements with you.
Disclosure of Personal Information
In the last 12 months, we have not sold personal information about you, but we have disclosed all of the categories of personal information we collect, explained in the table above, to our affiliate and to third parties for business purposes.
Note about “Sales”: We do not “sell” personal information as most people would typically understand that term. However, we do allow certain third-party partners and providers to collect information about consumers directly through our services for purposes of analyzing and optimizing our services and ads, providing content and ads that are more relevant, measuring statistics and the success of ad campaigns, and detecting and reporting fraud. To the extent this practice is interpreted to constitute a “sale” under the CCPA, please see our Cookie Policy for more information including how you may be able to exercise your rights to opt-out of cookies, analytics, and personalized advertising.
Recipients of Personal Information
As described in our Privacy Policy, we share personal information with our affiliates and with a variety of third parties for business purposes. Please refer to our Privacy Policy for further information.
Your California Privacy Rights
As a California resident, you may be able to exercise the following rights in relation to the Personal Information about you that we have collected (subject to certain limitations at law):
The Right to Know
You have the right to request any or all of the following information relating to the personal information we have collected about you or disclosed in the last 12 months, upon verification of your identity:
• The specific pieces of personal information we have collected about you;
• The categories of personal information we have collected about you;
• The categories of sources of the personal information we have collected about you;
• The categories of personal information that we have disclosed about you to third parties for a business purpose, and the categories of recipients to whom this information was disclosed;
• The categories of personal information we have sold about you (if any), the categories of third parties to whom this information was sold; and
• The business or commercial purposes for collecting or, if applicable, selling personal information about you.
The Right to Request Deletion
You have the right to request the deletion of personal information that we have collected from you, subject to certain exceptions.
The Right to Opt-Out of Personal Information Sales
You have the right to direct us not to sell personal information we have collected about you to third parties now or in the future.
If you are under the age of 16, you have the right to opt-in, or to have a parent or guardian opt-in on your behalf, to such sales.
The Right to Non-Discrimination
You have the right not to receive discriminatory treatment for exercising any of the rights described above.
However, please note that if the exercise of the rights described above limits our ability to process personal information (such as in the case of a deletion request), we may no longer be able to provide you with our products or services or engage with you in the same manner.
How to Exercise Your California Privacy Rights
To Exercise Your Right to Know or Right to Deletion
To exercise your right to know and/or right to deletion, please submit a request by emailing support@happyagility.com with the subject line “California Rights Request”.
We will need to verify your identity before processing your request. In order to verify your identity, we will generally either require the successful login to your account or the matching of sufficient information you provide us to the information we maintain about you in our systems. Although we try to limit the personal information collected in connection with a request to exercise the right to know and/or the right to deletion that personal, certain requests may require us to obtain additional personal information from you. In certain circumstances, we may decline a request to exercise the right to know and/or right to deletion, particularly where we are unable to verify your identity.
To Exercise Your Right to Opt-Out of Personal Information Sales
As noted above, we do not “sell” personal information as most people would typically understand that term. However, we do allow certain third-party partners and providers to collect information about consumers directly through our services for purposes of analyzing and optimizing our services and ads, providing content and ads that are more relevant, measuring statistics and the success of ad campaigns, and detecting and reporting fraud. To the extent this practice is interpreted to constitute a “sale” under the CCPA, please see our Cookie Policy for more information including how you may be able to exercise your rights to opt-out of cookies, analytics, and personalized advertising.
Updates to These CA Disclosures
We will update these CA Disclosures from time to time. When we make changes to these CA Disclosures, we will change the "Last Updated" date at the beginning of these CA Disclosures. If we make material changes to these CA Disclosures, we will notify you by email to your registered email address, by prominent posting on our online services, or through other appropriate communication channels. All changes shall be effective from the date of publication unless otherwise provided in the notification.
Contact Us
If you have any questions or requests in connection with this Notice or other privacy-related matters, please send an email to support@happyagility.com.
Happyagility | CCPA Notice - Happyagility as a Service Provider
Effective Date: January 1, 2020.
This notice confirms that Happyagility (“us”, “we” or the “Company”) will act as a Service Provider as such term is defined in the California Consumer Privacy Act, Cal. Civ. Code §§ 1798.100 et seq. and implementing regulations (the “CCPA”). We will collect, access, maintain, use, process and transfer personal information, as that term is defined by the CCPA (“CCPA Personal Information”) solely for the purpose of performing our obligations under the Service Terms and Conditions and as further described in our Privacy Policy, on your behalf and for no commercial purpose other than the performance of such obligations.
We shall not sell, disclose, release, transfer, make available, or otherwise communicate any CCPA Personal Information to any third party without your prior written consent. Notwithstanding the foregoing, nothing shall restrict our ability to disclose CCPA Personal Information (i) to a Subcontractor for a business purpose pursuant to a written agreement to protect CCPA Personal Information in the same manner as provided herein and in the Privacy Policy, (ii) to a third party as necessary to comply with applicable laws, or (iii) as otherwise permitted by the CCPA.
We will delete and permanently destroy CCPA Personal Information (i) upon your written request by you, and (ii) upon the termination of this Agreement. We shall at all times remain responsible for compliance with its obligations to protect CCPA Personal Information in accordance with this notice and our Privacy Policy and will be liable to you for the acts or omissions of any subcontractor or other third party to whom we have disclosed or permitted to access CCPA Personal Information as if they were our acts or omissions.
Happyagility | Cookie Policy
Effective Date: June 15, 2021. In case of new sign-ups or first use of the Site, May 22, 2021.
The platform accessible through the www.happyagility.com or www.landing.happyagility.com domain name (the “Site”) is provided by HAPPYAGILITY (hereinafter referred to as “us”, “we” or the “Company”), a UK entity with a registered address at 13 FINEFILED WALK, SLOUGH, BERKSHIRE, UNITED KINGDOM, SL12QR. For purposes of ensuring that the Site and any services provided through the Site can be used by you, we and third parties install and use cookies. This Cookie Policy (the “CP”) is aimed at providing information on the cookies used and how to disable them.
You may contact us should you have any questions regarding this CP by sending an email to support@happyagility.com.
1. What are cookies?
Cookies are small text files that are generated when you access the Site and that collect your browsing information. All cookies used by us are safe for your computer and only process information which is stored on your internet browser. Our cookies cannot execute code, do not contain malware or viruses, and cannot be used to access content on your computer.
2. What types of cookies do we use?
We use our own and those of third parties, as described below:
Strictly necessary cookies are those cookies needed to ensure you can access the Site, and browse it securely. These cookies are strictly necessary, as the use and access to the Site and the services provided through the Site require them. They also protect us from any fraudulent use of the Site or our services, verify that anyone using your account is actually you, and protect your data from any unauthorized users. For instance, technical cookies are those relating to the communication and exchange of data, or those required to verify your identity when you sign in to your account.
We use third-party cookies for the purposes mentioned above. Said cookies are installed, used, and owned by:
Stripe, Inc., a US entity with a registered address at 510 Townsend Street, San Francisco, California, 94103 (United States of America). To know more about Stripe’s cookies, please visit its cookies and privacy policies, as available here. Please note that the processing of data by Stripe may entail the international transfer of data outside the European Union, as further described in the link above.
Cookies that remember your settings (functional cookies): are those cookies that are installed and used to adapt the Site and the services offered by us to your preferences, such as language, or the look and feel of the Site. You can opt to block or limit the installation and use of these cookies as explained in the section ‘How can you block or delete cookies’ below, and this shall not impact the usability or functionalities of the Site and/or the services, but your preferences will be lost.
Cookies that measure website use (analytics cookies): are those cookies used for tracking, monitoring, and analyzing how you browse and interact with the Site and our services. They reveal usage trends as well as which users upgrade the services rendered by us and how is this done. You can opt to block or limit the installation and use of these cookies as explained in the section ‘How can you block or delete cookies’ below, and this shall not impact the usability or functionalities of the Site and/or the services.
Cookies that help with our communications and marketing (advertising and profiling cookies): refers to cookies aimed at tracking, monitoring, and analyzing how you browse and interact with the Site and our services, as well as segment our users based on their behavior and how they browse the site, and to build audiences. They reveal usage trends as well as which users upgrade the services rendered by us and how is this done. All those actions are aimed at better understanding our users to improved communications and marketing strategies. You can opt to block or limit the installation and use of these cookies as explained in the section ‘How can you block or delete cookies’ below, and this shall not impact the usability or functionalities of the Site and/or the services.
3. How can you block or delete cookies?
You can allow, block, or delete cookies at any time by configuring your browser settings, as well as by means of the cookie banner. As mentioned in section 2 above, blocking or deleting some cookies may impact your ability to access and/or use the Site or the services offered by us. You can find more information on how to block or deactivate cookies below:
Internet Explorer
Safari
Chrome
Firefox
4. Prevalence
This policy is drafted both in plain and legal versions. In case of any discrepancies, the legal version included herein shall prevail and take precedence with respect to the plain version.
Happyagility | Payment Terms & Conditions
This policy was last updated on September 1, 2021.
This document (the “PTC”) sets forth the terms and conditions under which the services are provided through the www.happyagility.com or www.landing.happyagility.com domain name (the “Site”) and offered by HAPPYAGILITY (the “Services”) are to be paid and invoiced. HAPPYAGILITY (“us”, “we” or the “Company”) is a UK entity with a registered address at 13 FINEFILED WALK, SLOUGH, BERKSHIRE, UNITED KINGDOM, SL12QR.
Company[India Business Address - For all communications] (referred to as either "the Company", "We", "Us" or "Our" in this Disclaimer) refers to HAPPY AGILITY (UK) LTD, 25/13/382 , NGO's Colony B V Nagar, Nellore- 4, India.
You may contact us by sending an email to support@happyagility.com.
1. General
We reserve at any time the right to require payment of fees for certain or all Services. You shall pay all applicable fees, as described on the Site, in connection with those of our Services selected by you. We reserve the right to change the price and to institute new charges at any time upon notice to you (i.e. on the website and/or by email).
By continuing to use or access the Services after such changes come into effect, you agree to be bound by the new or increased charges.
Any fees paid hereunder are non-refundable.
Subject to applicable legal requirements, failure to pay fees may result in the suspension or termination of your Account, as this term is further described in the Service Terms and Conditions, and may further result in a loss of your data associated with the use of the Services.
2. Price
The prices for the Services exclude VAT and any other taxes, as applicable. VAT is the value-added tax that must be applied to the Services sold within the European Union (EU). If you are located within Spanish territory, VAT must be paid in all cases. If you are located within the EU and you have received a VAT number issued by a member State of the European Union, you may use your VAT number when making payment and, thus, you may be exempted from paying VAT. For Indian customers, The price we charge exclude GST.
3. Payment
Payment of the Services is to be made by credit or debit card, and any amounts due are payable upon the plan or add-on subscription (net 0). Payments are processed by means of a third party, which is certified in accordance with PCI Level 1 requirements. Therefore, we have no access to payment information, nor subsequently store said piece of information.
You must update the payment information provided to us from time to time, in order to ensure that it's accurate and up-to-date. Should payment not be processed because you fail to meet the obligations set forth in this section, your access to or use of the Services may be suspended or terminated, as described in more detail in section 6 of the Service Terms and Conditions. Therefore, you warrant and represent that you will only submit payment information that is valid and that you are authorized to use.
4. Invoicing and reimbursements
The Services are invoiced in advance, with monthly or annual frequency, depending on the period contracted. You expressly authorize us to issue electronic invoices for the Services, that will be sent to the email address you provided when creating your Account.
Fees are nonrefundable. We will not refund any amount nor grant any credit for contracts (including any add-ons you may have purchased from time to time) that are canceled before reaching their end date.
5. Automatically upgrading your plan
If you are under a paid plan, you may opt to automatically upgrade to the next available plan in the event that you reach the response limits covered by the subscription you initially purchased. This feature is available on the 'Settings' menu and, if so activated, you will be expressly authorizing us to charge you for the difference between your then-current plan and the plan you are updating to, prorated to the remaining days of your subscription term. The paid plan to which you have been upgraded will be auto-renewing on a rolling basis, as further explained in the Services Terms and Conditions.
6. Prevalence
These Payment Terms and Conditions are drafted both in plain and legal versions. In case of any discrepancies, the legal version included herein shall prevail and take precedence with respect to the plain version.
Happyagility | Developer Terms & Conditions
Effective Date: June 15, 2021. In case of new sign-ups or first use of the Site, May 22, 2021.
These Developer Terms and Conditions set forth the provisions under which you may use APIs to integrate the Site and the databases resulting from the use of the Services to your own apps or products (the ‘Integrations’). Note that the use of Integrations is fully subject to the Service Terms and Conditions, which shall apply by reference. Without limiting the foregoing, your use of an Integration is subject to the limitations mentioned in section 3.b above.
1. The use of the APIs and the development of Integrations is free of charge. We reserve the right, however, to change the pricing policy by providing you reasonable notice;
2. The APIs are provided “as is”, “with all faults” and “as available” and the entire risk of use and performance remains with you, subject to the terms and conditions set forth in clause 9 of the Service Terms and Conditions;
3. You warrant and represent that you are not a direct competitor of the Company;
4. We make no representations or warranties to you or to any other user of the Services in the sense of the Integrations being suitable or adequate to the Service, ensuring a safe transfer of data, or preventing any damages. You shall not present yourself as an entity certified by the Company or endorsed in any way by us, except when authorized to do so in writing;
5. You further acknowledge and agree that neither the Company nor any of the companies part of its corporate group shall be obliged to offer you support services, nor to update the Services or amend them to ensure a correct or improved interaction between the Site and your Integration;
6. You undertake to make a good faith and reasonable use of the Integrations, in accordance with industry standards, so that the Services are not negatively impacted or impeded, hindered or otherwise obstructed;
7. You undertake to defend, hold the Company, its officers, directors, employees, agents, partners, suppliers, and/or licensors harmless, and keep them indemnified from and against any claim, loss, expense, liability, damage, or demand, including reasonable attorney’s fees, relating to, arising from, or allegedly arising from (a) the use of the Integration you have created or that you are using, including among other any claims regarding the breach by the Integration or your use of the Integration of any third party intellectual property rights or any other rights; (b) the secure transfer of data, including confidential information and personal data; or (c) compliance with any applicable laws and regulations to the Integration and the subsequent use of the information you may have collected, including without limitation personal data protection laws.
8. You may use Happyagility's trademarks as depicted at www.happyagility.com. However, you shall use them in accordance with industry standards, and in a way that does not harm the Company's image or reputation, or the image and reputation of the Company's products and services and other third parties related to the Company. You shall follow any instructions given by the Company.
These Developer Terms and Conditions are drafted both in plain and legal versions. In case of any discrepancies, the legal version included herein shall prevail and take precedence with respect to the plain version.