Terms of Service
Last updated: 31.07.2024
These Terms of Service (“ToS”) together with the documents listed in the next sentence comprise an entire Agreement (the “Agreement”) between the Supplier and an entity using and/or ordered Services (the “Client”) and supersedes all prior or contemporaneous understandings, agreements, negotiations, representations and warranties, and communications, both written and oral, with respect to the subject matter of the Agreement. If any provisions of those documents cannot be read in any manner other than a one that produces an irreconcilable conflict between or among them, the following hierarchy of precedence will control for purposes of interpreting and applying the provisions of these ToS: (1) first, additional terms and conditions as may be provided on our Website, (2) second, Data Processing Agreement, attached to these ToS as Annex 1; and (3) third, these ToS.
The Present Agreement is a binding legal agreement between the Supplier and the Client where the Supplier agrees to provide, and the Client agrees to buy, the GPS-TRACE Software as a Service, and related services, on the terms of the Agreement. Capitalised terms used in this Agreement and not otherwise defined shall have the meanings given such terms in ToS.
The Agreement comes into force from the date of full and unconditional acceptance of the Agreement [i.e., confirmation from the Client who received the offer of its consent to enter into this Agreement] by the Client without any exemptions and reservations, or the date of any action made by the Client that indicates the Client’s consent with the terms of this Agreement.
The fact of unconditional acceptance of the Agreement by the Client of the terms of this Agreement and the fact of accession to the Agreement is to purchase the Services either through the SaaS Service; or accessing or using of any function, feature, service of SaaS Services [or by clicking to accept or agree and abide by this Agreement when this option is made available to the Client or take similar action to signify Client’s unconditional acceptance of this Agreement]; or making any prepayment for the Services (whichever occurs earlier). The date of occurrence of any of the above events is considered the date of conclusion of the Agreement.
GENERAL TERMS
1 INTERPRETATION
1.1 Definitions: In the Agreement, the following terms have the stated meaning:
Affiliate |
in relation to a party, is any entity that directly or indirectly controls, is controlled by, or is under common control with that party from time to time and “control” means the beneficial ownership of more than 50% of the issued share capital of a company or the legal power to direct or cause the direction of the general management of the company, and controls, controlled and the expression change of control shall be construed accordingly. |
Agreement |
has the meaning as defined in the recitals of the ToS. |
Application Programming Interface (“API”) |
means set of protocols, routines, software libraries, sample code, tools, documentation for building software and applications that Supplier makes available to the Client which enables interactions with SaaS Service. |
Confidential Information |
means any information that is not public knowledge and that is obtained from the other party in the course of, or in connection with, the Agreement. Intellectual Property owned by the Supplier (or its licensors), including but not limited to, GPS-TRACE Software, API, is the Supplier’s Confidential Information. |
Client Data |
means all data, content, and information (including Personal Data) owned, held, used or created by or on behalf of the Client or its Permitted Users that is stored using, or inputted into, the Services but excluding (i) settings and set of parameters that are being used by the Client or its Permitted Users within the Services, (ii) any aggregated and/or anonymized information on the orders, locations, traffic conditions, speed and any properties of any Units, (iii) any generalised cache files calculated based on input data or (iv) any analytics data relating to the use of the Services and server log files. |
Fees |
means the fees indicated within the tariff plan(s) and/or other fees visible for the Client in its’ via Client’s personal account at https://legal.gurtam.com/gps-trace/ssc, as updated from time to time in accordance with clause 5.5, as well as any additional fees to be charged by the Supplier in accordance with the Agreement, as updated from time to time in accordance with clause 5.5. |
Force Majeure Event |
means an event, or a series of related events, that is beyond the reasonable control of a party, including, but not limited to, failures of the internet or any public telecommunications network, failures of hardware, hacker attacks, denial-of-service attacks, virus or other malicious software attacks or infections, industrial disputes affecting any third party, changes to the law, disasters, explosions, endemics, pandemics, fires, floods, civil disturbances, sabotage, blockades, insurrections, vandalism, riots, terrorist attacks and/or wars (declared or undeclared), embargoes, licensing (services supplying) controls or production or distribution restrictions, but excluding:
|
GPS-TRACE Software |
means the software owned by the Supplier (and its licensors) that is used to provide the SaaS Service. |
Intellectual Property Rights |
includes copyright and all worldwide rights conferred under statute, common law or equity relating to inventions (including patents), registered and unregistered trademarks and designs, circuit layouts, data and databases, confidential information, know how, trade secrets and all other rights resulting from intellectual activity. Intellectual Property has a consistent meaning, and includes any enhancement, modification or derivative work of the Intellectual Property. |
Objectionable |
includes being objectionable, defamatory, obscene, harassing, threatening, or unlawful in any way. |
Permitted Users |
means those (a) Client’s employees and (b) Client’s customers who are authorised by the Client to use the SaaS Service, such use to be solely in accordance with the terms and conditions of the Agreement. The Client shall at all times be responsible for its Permitted Users’ compliance with this Agreement. |
Personal Data |
has the meaning given in the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). |
Related Services |
means any related service which could be described on the Website and/or any further services that the Supplier agrees to provide to the Client under the Agreement, including license to use API. |
SaaS Service |
means the cloud-based GPS-TRACE Software designed for tracking vehicles, equipment and other units. The SaaS Service is described in more detail on the Website, as the Website is updated from time to time. |
Sanction |
means any sanction administered or enforced by the United States, the United Nations Security Council, the European Union, any European Union member state, the United Kingdom, or other relevant sanctions authority, including diplomatic, travel, trade, financial sanctions or embargoes. |
Sanctioned Entity |
means a person, entity or country who is subject to a Sanction. |
Services |
means the SaaS Service and any Related Service together. |
Start Date |
means date of conclusion of this Agreement. |
Supplier |
means Gurtam UAB, a company registered and operating under the laws of the Republic of Lithuania with the details specified in clause 13.12. |
Territory |
means the geographical territory which could be defined in the Client’s account at https://legal.gurtam.com/gps-trace/ssc according to the relevant tariff plan chosen by the Client prior to the actual Services use. |
Underlying Systems |
means the GPS-TRACE Software, IT solutions, systems and networks (including software and hardware) used to provide the Services, including any third party solutions, systems and networks. |
Unit |
means a physical vehicle, asset, machinery (including stationary), person, or animal tracking or asset tracking device, using the SaaS Service by Client or its Permitted User, which sends location and other information to the SaaS Service. |
Website |
means the Internet site https://legal.gurtam.com/gps-trace, or such other site notified to the Client by the Supplier. |
Year |
means a period starting on the Start Date and ending on December 31st of the same year as the Start Date in the first Year and, after the first Year, in the next calendar year. |
1.2 Interpretation: In the Agreement:
(a) clause and other headings are for ease of reference only and do not affect the interpretation of the Agreement;
(b) words in the singular include the plural and vice versa;
(c) a reference to:
(i) a party to the Agreement includes that party’s permitted assigns;
(ii) personnel includes officers, employees, contractors and agents, but a reference to the Client’s personnel does not include the Supplier;
(iii) a person includes an individual, a body corporate, an association of persons (whether corporate or not), a trust, a government department, or any other entity;
(iv) including and similar words do not imply any limit; and
(v) a statute includes references to regulations, orders or notices made under or in connection with the statute or regulations and all amendments, replacements or other changes to any of them;
(d) no term of the Agreement is to be construed against a party because the term was first proposed or drafted by that party.
2 SERVICES
2.1 General: The Supplier shall use best efforts to provide the Services:
(a) in accordance with the Agreement;
(b) exercising reasonable care, skill and diligence; and
(c) using suitably skilled, experienced and qualified personnel.
2.2 Non-exclusive: The Supplier’s provision of the Services to the Client is non-exclusive. Nothing in the Agreement prevents the Supplier from providing the Services to any other person.
2.3 Availability:
(a) Subject to clause 2.3(b), the Supplier will use reasonable efforts to ensure the SaaS Service and/or API are available. However, it is possible that on occasion the SaaS Service and/or API may be unavailable to permit maintenance or other development activity to take place, or in the event of Force Majeure. The Supplier will use reasonable efforts to publish on the https://legal.gurtam.com/gps-trace/noc advance details of any unavailability.
(b) Through the use of web services and APIs, the SaaS Service interoperates with a range of third-party service features. The Supplier does not make any warranty or representation on the availability of those features. Without limiting the previous sentence, if a third-party feature provider ceases to provide that feature or ceases to make that feature available on reasonable terms, the Supplier may cease to make available that feature to the Client. To avoid doubt, if the Supplier exercises its right to cease the availability of a third-party feature, the Client is not entitled to any refund, discount or other compensation.
2.4 Fit for Purpose: The Client agrees that it does not rely on the skill or judgement of the Supplier in relation to the suitability of any Services for a particular purpose. Any advice, recommendation, information or assistance provided by the Supplier is provided without any liability by the Supplier whatsoever. The Client represents that before entering into the Agreement it had the opportunity to and thoroughly analysed (with the help of experts of relevant fields, if necessary) the SaaS Service and its functions and considers the SaaS Service to be completely suitable for its purposes, as well as the Client waives from any claims to the Supplier concerning functional capabilities of SaaS Service.
2.5 Underlying Systems: The Supplier shall use best efforts to procure all Underlying Systems reasonably required for it to provide the SaaS Service in accordance with the Agreement.
2.6 Additional Related Services:
(a) The Supplier may, from time to time, make available additional services to supplement the SaaS Service.
(b) At the request of the Client and subject to the Client paying the applicable Fees, the Supplier may agree to provide to the Client an additional Related Service on the terms of the Agreement.
2.7 API License: Subject to the terms and conditions of these ToS, the Supplier grants the Client a non-exclusive, limited, worldwide, non-assignable, non-transferable, revocable license to access and/or use API solely for the purpose of integrating the Client’s applications with the SaaS Service in accordance with documentation and guidelines provided.
3 CLIENT OBLIGATIONS
3.1 General use: The Client shall, and shall cause each of its Permitted Users to use the Services:
(a) in accordance with the Agreement;
(a) within the Territory if it is prescribed by the relevant tariff plan chosen by the Client prior to the actual Services use.
3.2 Access conditions: When using the SaaS Service and/or at any time, the Client shall, and shall cause each of its Permitted Users:
(a) not impersonate another person or misrepresent authorisation to act on behalf of others or the Supplier;
(b) correctly identify the sender of all electronic transmissions;
(c) not attempt to undermine the security or integrity of the Underlying Systems;
(d) not use, or misuse, the SaaS Service in any way which may impair the functionality of the Underlying Systems or impair the ability of any other user to use the SaaS Service;
(e) not modify the structure of the SaaS Service and/or Underlying Systems and/or its databases the composition of data contained therein unless such actions are permitted by the SaaS Service, not split the SaaS Service and/or Underlying Systems into its component parts;
(f) not perform any actions aimed at restoring or discovering the source code of the SaaS Service and/or Underlying Systems;
(g) not block the operation of technical means of copyright protection of the SaaS Service and/or Underlying Systems;
(h) not break the technology, not disassemble or otherwise attempt to extract the source code of the SaaS Service and/or Underlying Systems;
(i) not make any changes to the source code of the SaaS Service and/or Underlying Systems, or change the functionality of the SaaS Service;
(j) not modify or create any derivative products based on SaaS Service and/or Underlying Systems or any of its elements (including, but not limited to, audiovisual part and the source code);
(k) not attempt to view, access or copy any material or data other than that to which the Client is authorised to access;
(l) neither use the SaaS Service in a manner, nor transmit, input or store any Client Data, that breaches any third party right (including Intellectual Property Rights and privacy rights) or is Objectionable, incorrect or misleading; and
(m) comply with any terms of use on the Website, as updated from time to time by the Supplier.
3.3 API Access Conditions: When accessing and/or using the APIs and/or at any time, the Client shall, and shall cause each of its Permitted Users:
(a) not to use API to gain unauthorized access to any service, device, server, or network connected to or accessible through the API;
(b) not perform an action with the intent of introducing to Services any viruses, worms, defects, Trojan horses, malware or any items of a destructive nature;
(c) not to use API in the way that violates applicable law or for illegal activities, harassment, spamming or not to perform any activities that violate these ToS;
(d) not to reverse engineer, decompile or disassemble the API, not to attempt to extract the source code from API;
(e) not to use APIs in a way that could impair, harm or damage Services or anyone’s use of the Services;
(а) not to use APIs in any manner that works around any technical limitations of the APIs, not to attempt to circumvent API calls limitations;
(g) not to use APIs for the purposes of migrating Permitted Users away from Services, except in connection with use of APIs by Client’s application and/or unless expressly permitted by the Supplier in writing;
(h) implement and maintain appropriate security measures to protect data accessed via the API and not to compromise the security or integrity of the API;
(i) comply with all applicable data protection laws and regulations, ensuring the proper handling and protection of any Personal Data accessed through the API;
(j) not to use unreasonable amount of bandwidth or engage in activities that adversely impact the stability or performance of the API or other applications using the API;
(k) not to use API for high-risk and/or any other activities where the failure of the API could lead to death, personal injury, environmental damage (such as, including, air traffic control, life support systems);
(l) not to use the API or any data obtained through the API to identify, exploit or publicly disclose potential security vulnerabilities.
The Client may not sell, rent, lease, sublicense, redistribute or syndicate access to APIs to any third parties and/or use API in any way which may, directly or indirectly, undermine Supplier’s business interests.
3.4 Permitted Users:
(a) The Client shall and shall cause each of its Permitted Users to ensure that no third party other than a Permitted User may access or use the SaaS Service.
(b) The Client must procure each Permitted User’s compliance with clauses 3.1 and 3.2 herein and any other reasonable condition notified by the Supplier to the Client.
(c) A breach of any term of the Agreement by the Client’s Permitted User is deemed to be a breach of the Agreement by the Client.
3.5 Authorisations: The Client is responsible for procuring all licences, authorisations and consents required for it and its Permitted Users to use the Services, including to use, store and input Client Data into, and process and distribute Client Data through, the Services.
3.6 Compliance with Laws: When using the Services the Client shall, and shall cause each of its Permitted Users to comply with laws and regulations applicable to the use of the Services. Before acquiring the Services, the Client has satisfied itself that: (i) the Services are appropriate for its purposes, and (ii) the use of the Services as contemplated in this Agreement will not infringe any law, regulation, judgement or order applicable to the Client.
3.7 Sanctions Compliance: The Client acknowledges and agrees that the Supplier may take necessary actions to ensure compliance with applicable Sanctions and regulations. The Client also agrees to not use the Services in any manner that would cause the Supplier to violate any Sanction. The Client undertakes not to provide, directly or indirectly, Services to Sanctioned Entities, as well as not to authorise them to use and/or access the Services in any form. The Client undertakes to reimburse the Supplier in full for the damages incurred by the Supplier in connection with a violation by the Client of this clause.
3.8 Access Restrictions: The Supplier reserves the right to implement technical measures to restrict access to the Services for any Sanctioned Entities or within the territories of countries that are subject to Sanctions. These measures may include, but are not limited to, restricting or suspending the Client’s access to the SaaS Service, suspending Permitted Users’ accounts, blocking IP addresses, and preventing transactions involving the Services.
3.9 API Call Limitations: The Supplier reserves the right to limit the number of periodic API calls the Client and/or Permitted Users are allowed to make.
4 DATA
4.1 Supplier access to Client Data:
(a) The Client acknowledges that:
(i) the Supplier may require access to the Client Data to exercise its rights and perform its obligations under the Agreement; and
(ii) to the extent that this is necessary but subject to clause 7, the Supplier may authorise a member or members of its and/or its Affiliate’s personnel to access the Client Data for this purpose.
(b) The Client must arrange all consents and approvals that are necessary for the Supplier to access and process the Client Data as described in these ToS prior to providing such Client Data to the Supplier and shall at all times comply with its respective obligations under all applicable data protection laws in connection with this Agreement. The Client will neither take any action, nor fail to take any action, that will put the Supplier in breach of its obligations under any data protection laws, as applicable.
4.2 Personal Data: The parties agree that the Data Processing Agreement attached to these ToS as Annex 1 and the privacy policy on the Website shall govern the processing of the Personal Data by the Supplier as processor on behalf of the Client.
4.3 The Client agrees that the Supplier may store the Client Data (including any Personal Data) in secure servers in Lithuania and/or any other country in which the Supplier or any of its Sub-Processors (as defined in clause 1 of the Annex 1 to these ToS) maintains facilities.
4.4 Indemnity: The Client indemnifies the Supplier against any liability, claim, proceeding, cost, expense (including the actual legal fees charged by the Supplier’s solicitors) and loss of any kind arising from any actual or alleged claim by a third party that any Client Data infringes the rights of that third party (including Intellectual Property Rights and privacy rights) or that the Client Data is Objectionable, incorrect or misleading.
5 FEES
5.1 Fees: The Client must pay to the Supplier the Fees according to the chosen tariff plan(s) in the Client’s personal account at https://legal.gurtam.com/gps-trace/ssc prior to the actual Services use. Prior to the actual Services use, the Client has familiarised itself with the Fees.
5.2 Invoicing and payment:
(a) The Supplier will provide the Client with valid VAT invoices monthly in arrears for the Fees due.
(b) The Fees exclude VAT, which the Client must pay on taxable supplies under the Agreement.
(c) The Client must pay the Fees:
(i) by the 15th of the month following the period of rendering the Services invoiced for; and
(ii) electronically in cleared funds without any set off or deduction by details and payment method determined by respective invoice; The Fees are exclusive of all charges and taxes; if the Client is required by law to make any deduction or withholding from any amount paid or payable to the Supplier (a Tax Deduction) the Client must pay to the Supplier such additional amount as is necessary to ensure that, after the Tax Deduction (including any Tax Deduction in relation to any payment made under this sub-clause (c)), the Supplier receives and retains (free of any liability in respect of any such Tax Deduction) the full amount that it would have been entitled to receive and retain if no Tax Deduction had been required.
5.3 Overdue amounts: The Supplier may charge interest on overdue amounts. Interest will be calculated from the due date to the date of payment (both inclusive) at an annual percentage rate equal to the corporate overdraft reference rate (monthly charging cycle) applied by the Supplier’s primary trading bank as at the due date (or, if the Supplier’s primary trading bank ceases to quote that rate, then the rate which in the opinion of the bank is equivalent to that rate in respect of similar overdraft accommodation expressed as a percentage) plus 4% per annum.
5.4 Discounts: The Supplier may from time to time apply discounts to the Client under the terms and conditions determined solely by the Supplier; such discounts, their terms, and conditions could be sent by the Supplier to the Client by email and/or made known to the Client via Client’s personal account at https://legal.gurtam.com/gps-trace/ssc. Payment of any invoice with discount shall be considered as the Client’s acceptance of the discount terms and conditions. The Supplier shall have the right to unilaterally terminate the discount(s) at any time without giving any explanation or justification for such termination by giving the Client at least three (3) calendar days’ notice.
5.5 Fees Change: By giving at least thirty (30) calendar days’ notice, the Supplier may change the Fees (as well as any condition of tariff plan(s) and/or terminate previous tariff plan(s) and propose new one(s) to the Client). Continued use by the Client of the Services after such Fees’ changes come into effect constitutes a binding acceptance of changed Fees by the Client.
5.6 Prepayment: Prepayment is allowed in the process of payments settlement under the Agreement. In such a case, payments processed in the course of prepayment are counted toward the Fees for Services rendered by the Supplier under this Agreement. Prepayment is not a commercial loan, interests for use of a loan shall not be accrued and paid.
6 INTELLECTUAL PROPERTY
6.1 Ownership:
(a) Subject to clause 6.1(c), title to, and all Intellectual Property Rights in, the Services, the Website, and all Underlying Systems is and remains the property of the Supplier (and its licensors). The Client must not dispute that ownership.
(b) Title to, and all Intellectual Property Rights in data or information sourced from the Services (i) about settings and set of parameters of the Services that are being used by the Client, (ii) any aggregated and/or anonymized information on the orders and any properties of any Units which will be used for training a general AI/machine learning for the purpose of generating and compiling transport information, (iii) any generalised cache files calculated based on input data, (iv) any analytics data relating to the use of the Services and server log files, and (v) any other data that is not considered to be the Client Data shall be owned by the Supplier.
(c) Title to, and all Intellectual Property Rights in the Client Data (as between the parties) remains the property of the Client or its Permitted User, as the case might be. The Client grants the Supplier a worldwide, non-exclusive, fully paid up, transferable, irrevocable licence to use, store, copy, modify, make available and communicate the Client Data for any purpose in connection with the exercise of its rights and performance of its obligations in accordance with the Agreement, including but not limited (i) for the purposes of detecting, blocking, analysing and reporting cyberthreats in the delivery of any Supplier products and services, and (ii) training general AI/machine learning systems.
6.2 Know how: To the extent not owned by the Supplier, the Client grants the Supplier a royalty-free, transferable, irrevocable and perpetual licence to use for the Supplier’s own business purposes any know how, techniques, ideas, methodologies, and similar Intellectual Property used by the Supplier in the provision of the Services.
6.3 Feedback: If the Client or its Permitted User provide the Supplier with ideas, comments or suggestions relating to the Services or Underlying Systems (together feedback):
(a) all Intellectual Property Rights in that feedback, and anything created as a result of that feedback (including new material, enhancements, modifications or derivative works), are owned solely by the Supplier; and
(b) the Supplier may use or disclose the feedback for any purpose.
6.4 The Client acknowledges that the SaaS Service may link to third party websites or feeds that are connected or relevant to the SaaS Service. Any link from the SaaS Service does not imply any Supplier endorsement, approval or recommendation of, or responsibility for, those websites or feeds or their content or operators. To the maximum extent permitted by law, the Supplier excludes all responsibility or liability for those websites or feeds.
6.5 Third party Intellectual Property Rights indemnity:
(a) The Supplier indemnifies the Client against any claim or proceeding brought against the Client to the extent that claim or proceeding alleges that the Client’s use of the SaaS Service in accordance with the Agreement constitutes an infringement of a third party’s Intellectual Property Rights (“IP Claim”). The indemnity is subject to the Client:
(i) promptly notifying the Supplier in writing of the IP Claim;
(ii) making no admission of liability and not otherwise prejudicing or settling the IP Claim, without the Supplier’s prior written consent; and
(iii) giving the Supplier complete authority and information required for the Supplier to conduct and/or settle the negotiations and litigation relating to the IP Claim. The costs incurred or recovered are for the Supplier’s account.
(b) The indemnity in clause 6.5(a) does not apply to the extent that an IP Claim arises from or in connection with:
(i) the Client’s or its Permitted User’s breach of the Agreement;
(ii) use of the SaaS Service in a manner or for a purpose not reasonably contemplated by the Agreement or otherwise not authorised in writing by the Supplier; or
(iii) any third-party data or any Client Data.
(c) If at any time an IP Claim is made, or in the Supplier’s reasonable opinion is likely to be made, then in defence or settlement of the IP Claim, the Supplier may (at the Supplier’s option):
(i) obtain for the Client the right to continue using the items which are the subject of the IP Claim; or
(i) modify, re-perform or replace the items which are the subject of the IP Claim, so they become non-infringing.
6.6 API Indemnification and Defense: The Client shall defend, indemnify, and hold harmless the Supplier and its affiliates, directors, officers, employees, agents, and representatives from and against any and all claims, damages, liabilities, losses, costs, and fees (including reasonable attorneys' fees) arising out of or related to: (i) the misuse of the API by the Client or its Permitted Users and/or end users; or (ii) any content or data processed through the API by the Client or its Permitted Users and/or end users. The Supplier agrees to: (a) promptly provide the Client with written notice of any claim; (b) grant the Client sole control over the defense and settlement of the claim, provided that the Client may not settle any claim without the Supplier's prior written consent unless the settlement unconditionally releases the Supplier of all liability; and (c) provide the Client, at the Clients expense, with all necessary assistance, information, and authority to perform the foregoing.
7 CONFIDENTIALITY
7.1 Security: Each party must, unless it has the prior written consent of the other party:
(a) keep confidential at all times the Confidential Information of the other party;
(b) effect and maintain adequate security measures to safeguard the other party’s Confidential Information from unauthorised access or use; and
(c) disclose the other party’s Confidential Information to its personnel, Affiliates (its personnel) (in case of Supplier) or professional advisors on a need to know basis only and, in that case, ensure that any personnel, Affiliate (in case of Supplier) or professional advisor to whom it discloses the other party’s Confidential Information is aware of, and complies with, the provisions of clauses 7.1(a) and 7.1(b).
7.2 Permitted disclosure: The obligation of confidentiality in clause 7.1(a) does not apply to any disclosure or use of Confidential Information:
(a) for the purpose of performing the Agreement or exercising a party’s rights under the Agreement;
(b) required by law (including under the rules of any stock exchange);
(c) which is publicly available through no fault of the recipient of the Confidential Information or its personnel;
(d) which was rightfully received by a party to the Agreement from a third party without restriction and without breach of any obligation of confidentiality; or
(e) by the Supplier if required as part of a bona fide sale of its business (assets or shares, whether in whole or in part) to a third party, provided that the Supplier enters into a confidentiality agreement with the third party on terms no less restrictive than this clause 7.
8 WARRANTIES
8.1 Mutual warranties: Each Party represents, warrants, and undertakes that:
(a) it has the right, necessary power, consents and authority to enter into and fully perform its obligations under this Agreement and will maintain the same throughout the term of this Agreement;
(b) this Agreement is executed by a duly authorised representative of that Party;
(c) there are no actions, suits or proceedings or regulatory investigations pending or, to that Party’s knowledge, threatened against or affecting that Party before any court or administrative body or arbitration tribunal that might affect the ability of that Party to meet and carry out its obligations under this Agreement;
(d) once duly executed, this Agreement will constitute its legal, valid and binding obligations;
(e) it is not a Sanctioned Entity nor is it the target of any investigations relating to a Sanction; and
(f) it will immediately notify the other Party if it is the target of any investigations relating to a Sanction.
8.2 Supplier’s warranty: The Supplier warrants to the Client only that the Services and the GPS-TRACE Software are not subject to any pledge or dispute, are not under seizure, and to the best of Supplier’s knowledge on the Start Date, do not violate anyone’s copyright, non-property and/or property rights of any third parties.
8.3 No implied warranties: To the maximum extent permitted by law:
(a) the Supplier’s warranties are limited to those set out in the Agreement, and all other conditions, guarantees or warranties whether expressed or implied by statute or otherwise are expressly excluded and, to the extent that they cannot be excluded, liability for them is limited to the cap as per clause 9.1; and
(b) except for the limited warranty as set forth in clause 8.2, THE SUPPLIER OFFERS AND PROVIDES, AND THE CLIENT ACCEPTS, THE SERVICES “AS IS”. THE SUPPLIER PROVIDES NO WARRANTIES AS TO THE FUNCTION OR USE OF THE SERVICES, WHETHER EXPRESS, IMPLIED, OR STATUTORY, INCLUDING, WITHOUT LIMITATION, ANY IMPLIED WARRANTIES OF MERCHANTABILITY, OR FITNESS FOR PARTICULAR PURPOSE, THE SUPPLIER PROVIDES NO WARRANTIES AS TO THE USE OF THE SERVICES WILL BE UNINTERRUPTED, TIMELY, SECURE AND/OR FREE FROM ERROR; THE SUPPLIER DOES NOT REPRESENT AND WARRANT THAT ANY INFORMATION OBTAINED BY THE CLIENT AS A RESULT OF THE SERVICES USE WILL BE ACCURATE AND/OR RELIABLE. THE SUPPLIER DOES NOT WARRANT THAT THE FUNCTIONS CONTAINED IN THE SERVICES WILL MEET THE CLIENT’S REQUIREMENTS.
8.4 Limitation of remedies: Where legislation or rule of law implies into the Agreement a condition or warranty that cannot be excluded or modified by contract, the condition or warranty is deemed to be included in the Agreement. However, the liability of the Supplier for any breach of that condition or warranty is limited, at the Supplier’s option, to:
(a) supplying the Services again; and/or
(b) paying the costs of having the Services supplied again.
9 LIABILITY
9.1 Maximum liability: The liability of the Supplier under or in connection with the Agreement or relating to the Services, whether in contract, tort (including negligence), breach of statutory duty or otherwise, is limited to the Client’s direct actual damages arising out the Supplier’s breach of the warranties set forth in clause 8.2 above; however, in any case the Supplier’s maximum aggregate liability shall not in any Year exceed an amount equal to the Fees paid by the Client under the Agreement in the previous six (6) months (which in the first Year is deemed to be the total Fees paid by the Client from the Start Date to the date of the first event giving rise to liability). In no event, the Supplier shall be liable for any losses of other parties than the Client, including the Permitted Users.
9.2 Unrecoverable loss: Neither party is liable to the other under or in connection with the Agreement or the Services for any:
(a) loss of profit, revenue, savings, business, use, data (including Client Data), and/or goodwill; or
(b) consequential, exemplary, punitive, indirect, incidental or special damage or loss of any kind.
9.3 Unlimited liability: Any provision herein does not apply to limit the Client’s liability:
(i) to pay the Fees;
(ii) in case of breach of clause 3.7 of these ToS;
(iii) under the indemnity in clause 4.4; or
(iv) for those matters stated in clause 6.5(a), as well as under or in connection with the Agreement for personal injury or death, or fraud or wilful misconduct.
9.4 No liability for other’s failure: Neither party will be responsible, liable, or held to be in breach of the Agreement for any failure to perform its obligations under the Agreement or otherwise, to the extent that the failure is caused by the other party failing to comply with its obligations under the Agreement, or by the negligence or misconduct of the other party or its personnel, except for the Permitted Users of the Client.
9.5 The Supplier is not responsible for the quality of technical support, operation and maintenance of communication facilities of the Client and third parties (SIM, hardware, etc.); for SaaS Service account access failures caused by the fault of the telecommunications service providers and the suppliers of the software used by the Client.
9.6 Notwithstanding any other provision herein to the contrary, the Supplier shall not be liable for loss of profit, revenue, savings, business, use, data (including Client Data), and/or goodwill and/or any direct, indirect, incidental, exemplary, punitive, special, or consequential damages and/or loss of any kind resulting from the implementation of technical measures mentioned in clause 3.8 of these ToS.
10 TERM, TERMINATION AND SUSPENSION
10.1 Duration: Unless terminated under this clause 10, the Agreement:
(a) starts on the Start Date and continues until December 31st of the same year as the Start Date. This Agreement shall be automatically renewed at the end of the current term for a successive one-year term unless either Party gives written notice of its intention either to renegotiate the terms of this Agreement or to terminate this Agreement thirty (30) days before expiration of the current term.
10.2 No fault termination: Either party may terminate the Agreement on thirty (30) calendar days’ prior notice to the other party.
10.3 Other termination rights:
(a) Either party may, by notice to the other party, immediately terminate the Agreement if the other party:
(i) breaches any material provision of the Agreement (except clause 3.7 of these ToS) and the breach is not:
(ii) becomes insolvent, liquidated or bankrupt, has an administrator, receiver, liquidator, statutory manager, mortgagee or chargee’s agent appointed, becomes subject to any form of insolvency action or external administration, or ceases to continue business for any reason;
(iii) breaches provision of clause 3.7 of these ToS;
(iv) the other Party is or becomes a Sanctioned Entity; or
(v) is unable to perform a material obligation under the Agreement for thirty (30) calendar days or more due to Force Majeure Event.
(b) If the remedies in clause 6.5(c) are exhausted without remedying or settling the IP Claim, the Supplier may, by notice to the Client, immediately terminate the Agreement.
10.4 Consequences of termination or expiry:
(a) Termination or expiry of the Agreement does not affect either party’s rights and obligations that accrued before that termination or expiry.
(b) On termination or expiry of the Agreement, the Client must pay all Fees for Services provided prior to that termination or expiry.
(c) Except to the extent that a party has ongoing rights to use Confidential Information, at the other party’s request following termination or expiry of the Agreement, a party must promptly return to the other party or destroy all Confidential Information of the other party that is in the first party’s possession or control.
(d) Upon termination or expiry of the Agreement, all rights to access and/or use API will terminate immediately.
10.5 Obligations continuing: Clauses which, by their nature, are intended to survive termination or expiry of the Agreement.
10.6 Suspending access: Without limiting any other right or remedy available to the Supplier, the Supplier may restrict or suspend the Client’s access to the SaaS Service where the Client (including any of its Permitted Users):
(a) undermines, or attempts to undermine, the security or integrity of the SaaS Service or any Underlying Systems;
(b) fails to make any payment under the Agreement;
(c) uses, or attempts to use, the SaaS Service:
(i) for improper purposes, as determined in Supplier’s sole discretion;
(ii) outside the Territory as specified in the Client’s account at https://legal.gurtam.com/gps-trace/ssc if the relevant tariff plan was chosen by the Client prior to the actual Services use;
or
(iii) in a manner, other than for normal operational purposes, that materially reduces the operational performance of the SaaS Service; or
(d) has otherwise materially breached the Agreement (in the Supplier’s reasonable opinion).
10.7 During the suspension period the Client shall pay the Fees as per this Agreement.
10.8 Suspension period is valid until the Client has eliminated the grounds for such suspension, but in any case no more than 30 (thirty) calendar days from the suspension start date. If the grounds for suspension have not been eliminated within a 30 (thirty) calendar days period starting from suspension start date, the Supplier has the right to immediately terminate the Agreement unilaterally and without any compensations.
10.9 The Supplier is not liable for any damage (including loss of profit, business interruption, loss of business information, loss of Client Data, etc.) incurred by the Client due to the suspension of the access to the SaaS Service or refusal to fulfil the obligations under the Agreement unilaterally, even if the Supplier was warned in advance about the possibility of such damage.
10.10 The Supplier must notify the Client where it restricts or suspends the Client’s access under clause 10.6.
10.11 For the purposes of this clause 10, any breach by the Client of clause 3 and/or clause 5 shall constitute a material breach of this Agreement.
11 MODIFICATIONS
11.1 The Supplier reserves the right to modify these ToS at any time at its sole discretion. Unless explicitly stated otherwise, such modifications will be communicated to the Client (a) through the SaaS Services, (b) by email using the confirmed email address indicated in the Client’s account at https://legal.gurtam.com/gps-trace/ssc, and/or (c) in the Client’s personal account at https://legal.gurtam.com/gps-trace/ssc. Any modifications will take effect immediately upon communication. Continued use by the Client of the Services after such changes come into effect constitutes a binding acceptance of such changes. The Client may also express its consent with such changes by clicking to accept or agree with modified ToS button.
12 DISPUTES
12.1 Good faith negotiations: Before taking any court action, a party must use best efforts to resolve any dispute under, or in connection with, the Agreement through good faith negotiations.
12.2 Obligations continue: Each party must, to the extent possible, continue to perform its obligations under the Agreement even if there is a dispute.
12.3 Right to seek relief: This clause 12 does not affect either party’s right to seek urgent interlocutory and/or injunctive relief.
13 GENERAL
13.1 Force Majeure: Neither party is liable to the other for any failure to perform its obligations under the Agreement to the extent caused by Force Majeure, provided that the affected party:
(a) immediately notifies the other party and provides full information about the Force Majeure Event;
(b) uses best efforts to overcome the Force Majeure Event; and
(c) continues to perform its obligations to the extent practicable.
A Force Majeure Event shall not give the Client the right to claim relief from the obligation to make any payment which it is required to make under the Agreement.
13.2 Rights of third parties: No person other than the Supplier and the Client has any right to a benefit under, or to enforce, the Agreement.
13.3 Waiver: To waive a right under the Agreement, that waiver must be in writing and signed by the waiving party.
13.4 Independent contractor: The Supplier is an independent contractor of the Client, and no other relationship (e.g. joint venture, agency, trust or partnership) exists under the Agreement.
13.5 Notices: A notice given by a party under the Agreement must be delivered to the other party via email using the email address:
(a) if to the Supplier, at administration@gps-trace.com;
(b) if to the Client, at confirmed email address set out in the Client’s account in https://legal.gurtam.com/gps-trace/ssc;
or otherwise notified by the other party for this purpose.
The Supplier retains the right to notify the Client by making the notice available in the Client’s account within the SaaS Service and/or in the Client’s personal account at https://legal.gurtam.com/gps-trace/ssc, in which case, the notice will be deemed delivered to the Client on the day the Client logs into its account within the SaaS Service and/or in the Client’s personal account at https://legal.gurtam.com/gps-trace/ssc for the first time after the notice is published.
13.6 Severability: Any illegality, unenforceability or invalidity of a provision of the Agreement does not affect the legality, enforceability or validity of the remaining provisions of the Agreement.
13.7 Variation: Subject to clause 11.1, any variation to the Agreement must be in writing and signed by both parties.
13.8 Entire agreement: The Agreement sets out everything agreed by the parties relating to the Services, and supersedes and cancels anything discussed, exchanged or agreed prior to the Start Date. The parties have not relied on any representation, warranty or agreement relating to the subject matter of the Agreement that is not expressly set out in the Agreement, and no such representation, warranty or agreement has any effect from the Start Date.
13.9 Subcontracting and assignment:
(a) The Client may not assign, novate, subcontract or transfer any right or obligation under the Agreement without the prior written consent of the Supplier, that consent not to be unreasonably withheld. The Client remains liable for its obligations under the Agreement despite any approved assignment, subcontracting or transfer. Any assignment, novation, subcontracting or transfer must be in writing.
(b) Any change of control of the Client is deemed to be an assignment for which the Supplier’s prior written consent is required under clause 13.9(a). In this clause, “change of control” means any transfer of shares or other arrangement affecting the Client or any member of its group which results in a change in the effective control of the Client.
13.10 Law: The Agreement is governed by, and must be interpreted in accordance with, the laws of the Republic of Lithuania. Each party submits to the non-exclusive jurisdiction of the Courts of Lithuania in relation to any dispute connected with the Agreement.
13.11 Counterparts: The Agreement may be signed in counterparts, each of which constitutes an original and all of which constitute the same agreement. A party may enter the Agreement by signing and emailing a counterpart copy to the other party. This Agreement is an electronic document and does not require to be signed.
13.12 Details of the Supplier:
Gurtam UAB
Tax Code: 302506437
VAT code: LT100005489613
Address: Ozo g. 12A (5th floor), Penta Technopolis, 08200, Vilnius, Lithuania
Email: administration@gps-trace.com
Annex 1. Data Processing Agreement
This Data Processing Agreement (the “DPA”) forms an integral part of the existing GPS-TRACE AGREEMENT (the “Agreement”) between Supplier and Client (the “Client”) and sets forth the terms and conditions applicable, including, but not limited, to the processing of Personal Data provided by the Client (the “Client’s Data”) to the Supplier on behalf of the Client for the purpose of properly provide the Services to the Client (“Data Processing Purpose”).
This DPA is subject to the Terms of Service (“ToS“) which shall control to the extent not otherwise inconsistent with the provisions of this DPA.
Each, the Client and the Supplier, may also be referred to as the “Party” or together referred to as the “Parties” in this DPA,
The Parties hereby agree as follows:
1 Definitions
1.1. Capitalised terms used but not defined in this DPA have the meanings given elsewhere in the Agreement. The following capitalised definitions when used in this DPA shall have the following meanings:
(a) “Alternative Transfer Solution” means a solution, other than the Standard Contractual Clauses, that enables the lawful transfer of Client Data to a third country in accordance with Articles 45 or 46 of the GDPR.
(b) “Data Incident” means a breach of the Supplier’s security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Client’s Data on systems managed by or otherwise controlled by the Supplier. “Data Incidents” will not include unsuccessful attempts or activities that do not compromise the security of Client’s Data, including unsuccessful log-in attempts, pings, port scans, denial-of-service attacks, and other network attacks on firewalls or networked systems.
(c) “Data Protection Laws” means all laws and regulations, including laws and regulations of the European Union, the European Economic Area and their member states, including the GDPR (as defined below), applicable to the processing of Client Data under the Agreement.
(d) “EEA” means the European Economic Area.
(e) “European Data Protection Legislation” means the GDPR.
(f) “GDPR” means EU General Data Protection Regulation 2016/679 (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016) on the protection of natural persons with regard to the processing of Client Data and on the free movement of such data, and repealing EU Directive 95/46/EC.
(g) “Non-European Data Protection Legislation” means data protection or privacy legislation other than the European Data Protection Legislation.
(h) “Notification Email Address” means the email address(es) designated by the Client to receive certain notifications from the Supplier.
(i) “Standard contractual clauses” or “SCC” means the standard data protection clauses for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection, as described in Article 46 of the GDPR.
(j) “Sub-Processor” means third parties authorised under this DPA to have logical access to and process Client’s Data in order to provide parts of the Services and related technical support.
1.2 The terms “data subject”, “personal data”, “processing”, “controller”, “processor” and “supervisory authority” as used in this DPA have the meanings given under governing Data Protection Laws.
1.3 In any matter and aspects not covered by this DPA the Parties agreed to be guided by, (1) first, the Agreement with the hierarchy of precedence mentioned in Preamble of the ToS, (2) second, the Data Protection Laws; and (3) third, law mentioned in clause 13.10 of the ToS.
2 Scope
This DPA stipulates the rights and obligations of the Supplier and the Client regarding the processing of the Client’s Data in connection with the Services. It shall apply to all activities within the scope of and related to the Agreement in the context of which the Supplier’s employees or Sub-Processors may come into contact with the Client’ Data. In case if the Client seeks to resell the Services purchased under the Agreement to Client’s customer(s) (the “Customer(s)”) which will access and use the Services directly or with the Client’s assistance, the Client will process the Client Data of data subjects and in this respect the Customer will be a data controller and the Client will act as a data processor and process Client Data in accordance with the instructions of the applicable controller. In such a case, the Client engages the Supplier as a sub-processor in respect of the personal data of data subjects.
3 Term
This DPA will be in effect unless the Agreement is terminated under clause 10 of ToS.
4 Data Protection Legislation
4.1 Application of European Legislation. The Parties acknowledge and agree that the European Data Protection Legislation will apply to the processing of the Client Data if:
(a) processing is carried out in the context of the activities of an establishment of the Client in the territory of the EEA;
and/or
(b) the Client Data is personal data relating to data subjects who are in the EEA and the processing relates to the offering to them of goods or services in the EEA or the monitoring of their behaviour in the EEA.
4.2 Application of Non-European Legislation. The Parties acknowledge and agree that Non-European Data Protection Legislation may also apply to the processing of the Client Data.
5 Processing of the Client Data
5.1 The Parties agree that with regard to the processing of the Client Data, the Client is the data controller, the Supplier is the data processor and that the Supplier may engage Sub-Processors pursuant to the requirements set forth in clause 14 of this DPA.
5.2 The Client as a data controller shall be responsible for complying with Data Protection Laws, including, but not limited to, the lawfulness of the processing and the lawfulness of the transmission (if any) of the Client Data to the Supplier. The Client represents to the Supplier that the Client has the right to process and engage the Supplier for processing of the Client Data for the Data Processing Purpose and warrants that the Client Data disclosed or transferred to the Supplier will ensure the proper implementation of the principles of personal data processing provided for in Article 5 of the GDPR, including the principle of reducing the amount of data, and the Client will assume all related responsibilities.
5.3 The Supplier shall process the Client Data only to the extent required and with the sole purpose of fulfilling the Supplier’s obligations under the Agreement (the Data Processing Purpose), in accordance with applicable Data Protection Laws and this DPA as well as the Client’s Instructions, as defined in clause 5.4 below. The Client shall have sole responsibility for the accuracy, quality, and legality of Client Data and how the Client acquired it.
5.4 The Parties agree to consider this DPA, the Agreement and Service settings, which may be set by the Client when using Services, as documented Client's instructions (the “Client Instructions). The Client Instructions are complete and final Client’s instructions to the Supplier in relation to the Client Data and any additional instructions shall require a prior written agreement between the Parties. In case the Supplier agrees to be bound by other Client’s instructions than the Client Instructions, additional fees may apply. The Client shall ensure that the Client Instructions comply with Data Protection Laws.
5.5 When acting as a processor on behalf of its customers, the Client will act only on the instructions of the controller and instruct the Supplier accordingly. In such case, provisions of clause 5.4 still apply. The Client shall also comply with its obligations as a processor under the Data Protection Legislation, including but not limited to putting in place appropriate security and assisting the controller to comply with its own obligations.
6 Rights of Data Subjects
6.1 The Supplier shall, to the extent legally permitted, promptly notify the Client if it receives a request from a data subject to exercise the Data Subject’s right of access, right to rectification, restriction of Processing, erasure (“right to be forgotten”), data portability, object to the Processing, or its right not to be subject to an automated individual decision-making (the “Data Subject Request”).
6.2 Taking into account the nature of processing, the Supplier shall assist the Client by appropriate technical and organisational measures, to the extent possible, for the fulfilment of the Client’s obligation to respond to a Data Subject Request under Chapter III of the GDPR. Except to the extent required by applicable law, the Supplier shall not respond to any such Data Subject Request without the Client’s prior written consent except to confirm that the request relates to the Client.
6.3 Further, to the extent the Client in its use of the Services does not have the ability to address a Data Subject Request, the Supplier shall upon the Client’s written request use commercially reasonable efforts to assist the Client in responding to such Data Subject Request, to the extent the Supplier is legally permitted to do so and provided that such Data Subject Request is required under applicable Data Protection Laws. Any costs arising from such provision of assistance shall be the responsibility of the Client.
7 Personnel
7.1 The Supplier shall ensure that its personnel engaged in the processing of the Client Data is informed of the confidential nature of the Client Data, have received appropriate training on their responsibilities and are subject to obligations of confidentiality and such obligations survive the termination of that persons’ engagement with the Supplier.
7.2 The Supplier shall take commercially reasonable steps to ensure the reliability of any Supplier personnel engaged in the Processing of the Client Data.
7.3 The Supplier shall ensure that the Sub-Processor’s access to the Client Data is limited to those personnel who require such access to perform the Agreement.
8 Data Deletion
8.1 Deletion During Term: The Supplier will enable the Client to delete the Client Data during the Term in a manner consistent with the functionality of the Services. The Supplier will comply with the instruction to delete data as soon as reasonably practicable, unless Data Protection Laws require storage.
8.2 Deletion on Expiry: The Client hereby instructs the Supplier to delete all the Client Data (including existing copies) from the Supplier’s systems in accordance with Data Protection Laws on expiry of the Term. The Supplier will comply with this instruction as soon as reasonably practicable and within a maximum period of 90 days, unless Data Protection Laws require storage. Without prejudice to clause 6.1, the Client acknowledges and agrees that the Client will be responsible for exporting and making backups, before the Term expires, any Client Data it wishes to retain afterwards.
9 Data Security
9.1 The Supplier’s Security Measures, Controls and Assistance:
(a) The Supplier’s Security Measures: The Supplier will implement and maintain technical and organisational measures to protect the Client Data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access as described in Appendix 2 (the “Security Measures”). As described in Appendix 2, the Security Measures include measures to help ensure ongoing confidentiality, integrity, availability and resilience of the Supplier’s systems and services; to help restore timely access to Client Data following an incident; and for regular testing of effectiveness. The Supplier may update or modify the Security Measures from time to time provided that such updates and modifications do not result in the degradation of the overall security of the Services.
(b) Security Compliance by the Supplier’s Personnel: The Supplier will take appropriate steps to ensure compliance with the Security Measures by its employees, contractors and Sub-Processors to the extent applicable to their scope of performance, including ensuring that all persons authorised to process the Client’s Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
(c) The Supplier’s Security Assistance: The Client agrees that the Supplier will (taking into account the nature of the processing of the Client Data and the information available to the Supplier) assist the Client in ensuring compliance with the Client’s obligations in respect of security of Client Data and personal data breaches, including, if applicable, the Client’s obligations pursuant to Articles 32 to 34 (inclusive) of the GDPR, by:
(i) implementing and maintaining the Security Measures in accordance with clause 9.1(a);
(ii) complying with the terms of clause 9.1(b).
9.2 The Client’s Security Responsibilities and Assessment
(a) The Client’s security responsibilities: The Client agrees that, without prejudice to the Supplier’s obligations under clause 9.1:
(i) the Client is solely responsible for its use of the Services, including:
making appropriate use of the Services to ensure a level of security appropriate to the risk in respect of the Client Data; securing the account authentication credentials, systems and devices the Client uses to access the Services; and
backing up its Client Data; and
(ii) the Supplier has no obligation to protect the Client Data that the Client elects to store or transfer outside the Supplier’s and its Sub-Processors’ systems.
(b) The Client’s Security Assessment:
(i) the Client is solely responsible for evaluating for itself whether the Services, the Security Measures and the Supplier’s commitments under this clause 9 will meet the Client’s needs, including with respect to any security obligations of the Client under the European Data Protection Legislation and / or Non-European Data Protection Legislation, as applicable;
(ii) the Client acknowledges and agrees that (taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing of the Client Data as well as the risks to individuals) the Security Measures implemented and maintained by the Supplier as set out in clause 9.1(a) provide a level of security appropriate to the risk in respect of the Client Data.
10 Data Incident
10.1 Data Incident Notification: If the Supplier becomes aware of a Data Incident, the Supplier will: (a) notify the Client of the Data Incident promptly and without undue delay but not later than within 36 hours of becoming aware of the Data Incident; and (b) promptly take reasonable steps to minimise harm and secure the Client Data.
10.2 Details of Data Incident: Notification of any Data Incident shall contain the following information: (i) the nature of the Data Incident, including, where possible, the categories of the data subjects and approximate number thereof; (ii) possible consequences of the Data Incident; (iii) measures implemented by the Supplier or proposed to be taken to address the Incident, including, where appropriate, measures for mitigating possible negative consequences of the Incident; (iv) full name and contact information of data protection officer or any other contact person that could provide further information.
10.3 Delivery of Notification: Notification of any Data Incident will be delivered to the Notification Email Address or, at the Supplier’s discretion, by direct communication (for example, by phone call or an in-person meeting). The Client is solely responsible for ensuring that the Notification Email Address is current and valid.
10.4 No Assessment of the Client Data by the Supplier: The Supplier will not assess the contents of the Client Data in order to identify information subject to any specific legal requirements. The Client is solely responsible for complying with the Data Incident notification applicable to the Client and fulfilling any third-party notification obligations related to any Data Incident.
10.5 No Acknowledgment of Fault by the Supplier: The Supplier’s notification of or response to a Data Incident under the Clause 10.2 will not be construed as an acknowledgment by the Supplier of any fault or liability with respect to the Data Incident.
10.6 The Client shall be responsible for the compliance with legislation regulating the delivery of notifications or information to the data subjects and supervisory authorities about the Data Incident.
11 Audits of Compliance
11.1 The Client’s Audit Rights:
(a) if the European Data Protection Legislation applies to the processing of the Client Data, the Supplier will allow the Client or an independent auditor appointed by the Client to conduct audits (including inspections) to verify the Supplier’s compliance with its obligations under this DPA;
(b) if the Client decides to conduct an audit as described above, then the Client shall bear all costs and expenses connected therewith, such as the auditors’ fees, costs of transport, legal fees, etc.;
(c) if the Client has entered into Standard Contractual Clauses as described in clause 13.2, the Supplier will, without prejudice to any audit rights of a supervisory authority under such Standard Contractual Clauses, allow the Client or an independent auditor appointed by the Client to conduct audits as described in the Standard Contractual Clauses;
(d) the Client may also conduct an audit to verify the Supplier’s compliance with its obligations under this DPA. In such a case the Client shall bear all costs and expenses connected therewith, such as the auditors’ fees, costs of transport, legal fees etc.
12 Impact Assessments and Consultations
The Client agrees that the Supplier will (taking into account the nature of the processing and the information available to the Supplier) assist the Client in ensuring compliance with any obligations of the Client in respect of data protection impact assessments and prior consultation, including, if applicable, the Client’s obligations pursuant to Articles 35 and 36 of the GDPR.
13 Data Transfers
13.1 Data Storage and Processing Facilities: The Client agrees that the Supplier may, subject to clause 13.2, store and process the Client Data in Lithuania and/or any other country in which the Supplier or any of its Sub-Processors maintains facilities.
13.2 Transfers of Data Out of the EEA
The Supplier’s Transfer Obligations: If the storage and / or processing of the Client's Data (as set out in clause 13.1) involves transfers of the Client Data out of the EEA and the European Data Protection Legislation applies to the transfers of such data, the Supplier will:
(i) if requested to do so by the Client, ensure that the Supplier as the data importer of the transferred Client Data enters into Standard Contractual Clauses with the Client as the data exporter of such data, and that the transfers are made in accordance with such Standard Contractual Clauses;
and/or
(ii) offer an Alternative Transfer Solution, ensure that the transfers are made in accordance with such Alternative Transfer Solution, and make information available to the Client about such Alternative Transfer Solution.
13.3 The Client’s Transfer Obligations: In respect of transferred Client Data, the Client agrees that:
(a) if under the European Data Protection Legislation the Supplier reasonably requires the Client to enter into Standard Contractual Clauses in respect of such transfers, the Client will do so;
and
(b) if under the European Data Protection Legislation the Supplier reasonably requires the Client to use an Alternative Transfer Solution offered by the Supplier, and reasonably requests that the Client take any action (which may include execution of documents) strictly required to give full effect to such solution, the Client will do so.
13.4 Disclosure of Confidential Information Containing Personal Data: If the Client has entered into Standard Contractual Clauses as described in clause 13.2, the Supplier will, notwithstanding any term to the contrary in the Agreement, ensure that any disclosure of the Client’s Confidential Information containing Client Data, and any notifications relating to any such disclosures, will be made in accordance with such Standard Contractual Clauses.
14 Sub-Processors
14.1 The Client hereby gives general advance consent to the Supplier to engage Sub-Processors which will process the Client’s Data on behalf of the Supplier, according to the scope and purposes specified in this DPA. The Supplier shall engage only those Sub-Processors which will ensure the following: (i) implementation of appropriate technical and organisational measures; (ii) data processing in compliance with GDPR requirements; and (iii) protection of the rights of the data subject. The list of engaged Sub-Processors is indicated in Appendix 1.
14.2 The Supplier shall ensure that a written agreement has been concluded with Sub-Processors engaged under which Sub-Processors shall undertake to comply with responsibilities of the data processor established in this DPA at least to the extent applicable to the Supplier. The Supplier shall be liable against the Client for the performance of obligations of Sub-Processors engaged.
14.3 The Supplier shall notify the Client about its plans to replace or engage a new Sub-Processor by making such information available to the Client no later than fourteen (14) calendar days prior to the planned event.
14.4 If the Client continues using the Services following the replacement or involvement of a new Sub-Processor and notification of the Client under the procedure provided for in clause 14.3 of this DPA, it shall be considered that the Client agreed to such actions of the Supplier.
14.5 If the Client withdraws its general consent to engage Sub-Processor, the Supplier shall have the right to unilaterally, under out-of-court procedure, terminate this DPA and the Agreement, and such termination shall be considered to have been made for important reasons and the Client shall be deemed not to have suffered any damage due to such termination.
14.6 If, in the performance of this DPA, the Supplier transfers any Client Data to a Sub-Processor located outside the EEA, the Supplier shall, in advance of any such transfer, ensure that a legal mechanism to achieve adequacy in respect of that processing is in place.
15 Processing Records
The Client acknowledges that the Supplier may be required under the Data Protection Laws to: (a) collect and maintain records of certain information, including the name and contact details of the processor and/or controller on behalf of which the Supplier is acting and, where applicable, of such processor or controller's local representative and data protection officer, as well as the categories of processing carried out on behalf of each controller, where possible a general description of the technical and organisational security measures; and (b) make such information available to the supervisory authorities.
16 Liability
Taking into consideration the nature, scope, context and purposes of data processing, the Supplier’s liability under this DPA shall be limited to and in any case may not exceed the amount the Client has paid to the Supplier in the previous 3 (three) months preceding the event that gives rise to the claim.
Appendix 1. Sub-Processors
The current Sub-Processors for the Services are set out at https://legal.gurtam.com/gps-trace/sub-processors (“Sub-processor List”) and the Client agrees that the Supplier has engaged such Sub-processors to process the Client Data.
Appendix 2. Security Measures
As from the Effective Date, the Supplier will implement and maintain the Security Measures set out in this Appendix 2 to the DPA. The Supplier may update or modify such Security Measures from time to time provided that such updates and modifications do not result in the degradation of the overall security of the Services:
1 Infrastructure security
1.1 The Supplier’s personnel are required to follow security policies that define access privileges and control for the transmission, processing, and storing of sensitive data. The Supplier conducts annual risk assessments on system and networking components which include systems, data, computers, personal devices, applications, facilities, connections, individuals, documentation, and electronic media, where confidential, sensitive data is present.
1.2 Personnel are required to execute an information security policy and must acknowledge receipt of, and compliance with, the Supplier’s security policies.
2 Personnel Security
2.1 The Supplier’s personnel are required to conduct themselves in a manner consistent with the Supplier’s guidelines regarding confidentiality, business ethics, appropriate usage, and professional standards. The Supplier conducts reasonably appropriate backgrounds checks to the extent legally permissible and in accordance with applicable local labour law and statutory.
2.2 Personnel are required to execute a confidentiality agreement and must acknowledge receipt of, and compliance with, the Supplier’s confidentiality and privacy policies.
3 Sub-Processor Security
3.1 Before onboarding a Sub-Processor, the Supplier conducts a check of the security and privacy practices of Sub-Processors to ensure Sub-Processors provide a level of security and privacy appropriate to their access to data and the scope of the services they are engaged to provide.
3.2 Once the Supplier has assessed the risks presented by the Sub-Processor, then always subject to the requirements set out in clause 14 of this DPA, the Sub-Processors is required to enter into appropriate security, confidentiality and privacy contract terms.
Appendix 3. Types of Personal Data and categories of data subjects
The type of personal data processed under this DPA is any personal data uploaded to the Services; the preliminary list of personal data categories is as follows:
(i) in relation to users, including, but not limited to: name, and work address, details including office location and job title; communication and contact details including email and mobile phone; username and password; user roles and privileges, and preferences set within the services and logs of usage of the services; and
(ii) in relation to vehicle, any other units (whether movable or not): data subjects, including, but not limited to: the location or approximate location of the data subject; particulars of the vehicle in relation to which the data subject is a driver, passenger or in the vicinity of; video and/or audio recordings of the data subject when they are in the field of view of cameras fitted to the relevant vehicle.
(iii) business contact details of such data subjects, vehicle registration, tracking data and video images.
The categories of data subjects are those which personal data is uploaded to the Services.