Last update: April 24, 2025
This Contract is entered between Marfeel Solutions, S.L., (hereinafter MARFEEL) and the CLIENT. Both parties may be referred jointly as the PARTIES.
1.- SCOPE OF THE AGREEMENT
1.1. These General Terms of Service (hereinafter GTOS) below set forth the rights and obligations of the PARTIES associated with the implementation and execution of the cost free version (“FREEMIUM VERSION”), as well as the paid version (“PAID VERSION”) of the SERVICE (S) on the CLIENT’S website.
1.2. For the purpose of this agreement, the services shall be defined as proprietary software services that MARFEEL will provide to the CLIENT (“SERVICE (S)”) .
1.3. In the PAID VERSION, the SERVICE(S) provided by MARFEEL are specifically stated in the SERVICE ORDER FORM(S), in accordance with the GTOS and any provisions agreed in the OBSERVATIONS section of MARFEEL’s contracting platform.
In the case MARFEEL and the CLIENT introduce new SERVICE(S) or modify existing ones, such addition and/or modification shall be effective by mutually signing the additional SERVICE ORDER FORM(S), which shall be governed by the main GTOS previously signed by the PARTIES.
1.4. All the Sections of these GTOSare applicable to the FREEMIUM VERSION and PAID VERSION, with the exception of Section 2 and 3 which shall not apply to the FREEMIUM VERSION.
2.- FEES AND PAYMENT
2.1. Except for any Free Period, invoices will be issued upfront in accordance with the conditions stated in the Billing Frequency section of the SERVICE ORDER FORM(S). Invoices must be paid within 10 days of the issuance date. If payment is delayed, MARFEEL may charge the maximum conventional interest rate, set by the competent public authority and allowed by regulations from the date the payment was due until it is fully paid.
2.2. The CLIENT must pay in EUROS or US DOLLARS, net of all banking fees, taxes, levies, or duties imposed by taxing authorities. CLIENT is responsible for payment of all such fees, taxes, levies, or duties. If CLIENT is required to withhold any portion of SERVICE(S) fees due to payments to banks or taxing authorities, it agrees: (i) to make the necessary withholding and to indemnify MARFEEL should it fail to do so, and (ii) that MARFEEL is entitled to receive the full amount for the SERVICE(S), net of any such withholdings. Therefore, MARFEEL reserves the right to adjust the pricing of the SERVICE(S) to ensure receipt of the full amount.
2.3. If MARFEEL MONITORING is contracted through Marfeel website (www.marfeel.com), as no SERVICE ORDER FORM is provided, the Contract will be governed by these General Terms of Service (GTOS), specifically by clause 5.2. and this clause 2, which regulates: (i) the payment frequency: payments will be recurring on a monthly basis; (ii) the payment method: the payment method will be through credit card; and (iii) the cancellation terms: cancellation can be done at any time, but the amount pending until the next billing period will not be refunded.
3.- TERM AND TERMINATION
3.1. This GTOS will remain in effect for the term specified in the SERVICE ORDER FORM(S). It will automatically renew for the same term unless either party provides written termination notice of at least two (2) months before the end of the current term.
3.2. Notwithstanding clause 3.1, the CLIENT has the right to terminate the GTOS for any reason within a 4 week period counted from the start day of using the product in the initial SERVICE ORDER FORM. However, this right will not apply to upsells, add-ons, requests of new SERVICES governed by this GTOS and/or modification of current SERVICES.
3.3. MARFEEL may, permanently or temporarily, suspend, terminate, or refuse to permit the CLIENT’s use of the SERVICE(S), if MARFEEL determines that the CLIENT : i) fails to comply or is reasonable likely to violate any provision stated herein or any other instruction provided by MARFEEL; ii) does not use the SERVICE(S) in a fair and honest manner; iii) fails to cooperate with MARFEEL to ensure the fulfillment of the contract; or iv) uses the SERVICE(S) in a way that might hinder the performance of the SERVICE(S) or MARFEEL’s networks.
The CLIENT has 10 calendar days from the date of receiving a notice from MARFEEL to cure the breach or take reasonable steps to remedy the violation. If the breach or potential breach is not remedied within such period, MARFEEL may take the actions mentioned above.
3.4. Upon termination of this Agreement, all licenses, and any other rights and SERVICE(S) provided by MARFEEL to the CLIENT under this Contract, will cease immediately. Unless otherwise specified in the applicable SERVICE ORDER FORM(S), MARFEEL will have no obligation to store, retain or provide any Traffic Data (historical or otherwise) to the CLIENT.
3.5. In the event of early termination, MARFEEL will only reimburse the CLIENT for the prorated amount of unaccrued fees. Under no circumstances will the onboarding fee be reimbursed.
SURVIVAL: Sections 2, 5 through 8 inclusive, and section 10.4 will survive any termination of this Contract. Upon termination of this Contract, the CLIENT must cease any further use of the SERVICE(S).
4.- RIGHTS AND OBLIGATIONS
4.1. MARFEEL grants the CLIENT a non-sublicensable, non-transferable, non-exclusive, revocable, limited license to use: (i) the SERVICE(S) and (ii) certain proprietary documentation generally made available by MARFEEL for use with the Software (the “Documentation”) solely for receiving the MARFEEL´S SERVICE(S). The CLIENT’s use of the SERVICE(S) must adhere to the terms and conditions of this GTOS in compliance with Laws and the applicable policies set by MARFEEL. MARFEEL also grants a non-exclusive, non-transferable, revocable, limited license to access and use its API solely in connection with the use of the SERVICE(S).
4.2. The CLIENT agrees to: (i) use the SERVICE(S) in accordance with this GTOS, SERVICE ORDER FORM(S), DATA PROCESSING AGREEMENT (hereinafter “DPA”) and the OBSERVATIONS section on MARFEEL´S contracting platform. (ii) be responsible for its’ user’s compliance within this Contract; (iii) acknowledge that MARFEEL may change, modify, add to or discontinue or retire any aspect or feature of its SERVICE(S) at any time without any obligation to notify the CLIENT, provided there is no change to the description of the SERVICE(S) specified in the SERVICE ORDER FORM(S). If there is any modification to the features of the SERVICE(S) as stated in the SERVICE ORDER FORM(S), these modifications will be solely to the benefit of the CLIENT. In that event, MARFEEL will notify the CLIENT with a 15 business day written notice. Occasionally, MARFEEL may release upgrades, fixes or new versions of the SERVICE(S), but these upgrades might not be consistent across all platforms and devices; (iv) use commercially reasonable efforts to prevent unauthorized use or access to the SERVICE(S) by any third party, any account or password, or any copying of the software. The CLIENT will notify MARFEEL immediately of any such unauthorized activities and will not provide access to the SERVICE(S) to any unauthorized personnel and/ or any third party; and, (v) MARFEEL is not responsible for the content or texts that appear in MARFEEL EXPERIENCES (e.g. MarfeelPass, Marfeel Forms, etc.) and the CLIENT is solely responsible for seeking proper guidance and legal assistance to ensure that all texts comply with Data Protection and other applicable regulations.
4.3. The CLIENT shall retain all rights to the Traffic Data, subject to the rights and licenses granted in this agreement. “Traffic Data” refers to all data and information created, received, processed, or provided by MARFEEL while performing the SERVICE(S), or resulting from the performance of the SERVICE(S) for the CLIENT. Through this agreement, the CLIENT grants MARFEEL the necessary rights to access and monitor Traffic Data related to the CLIENT’S website, solely in connection with providing the SERVICE(S) during the term of this Contract. MARFEEL does not claim ownership of the Traffic Data.
4.4. The CLIENT shall not, and shall not permit others to: (i) reverse engineer, disassemble, or decompile of any part of the SERVICE(S); (ii) remove any copyright notices, trademarks or other proprietary notices or restrictions from the SERVICE(S); (iii) use or modify the SERVICE(S) in a manner that would subject the software, either in whole or in part, to a Copyleft License (as defined below); (iv) use the SERVICE(S), or permit it to be used, for purposes of benchmarking, performance tests or other comparative analysis intended for publication or disclosure to third parties; (v) except as permitted by this Contract, directly or indirectly: distribute, disclose, communicate, sell, sublicense, rent, lease, market, use or commercialize the SERVICE(S) (or any part thereof); (vi) provide the SERVICE(S) on a time sharing, hosting company, or similar basis; (vii) replicate any features, functions or graphics of the Product beyond what is expressly authorized in this Contract; (viii) send, store, access or authorize a third party to send, store or access spam, unlawful, infringing, obscene or libelous material as well as viruses, worms, time bombs, Trojan horses and other harmful or malicious code, files, scripts, agents or programs; (ix) interfere with or disrupt the integrity or performance of the SERVICE(S). “Copyleft License” refers to a software license that mandates the public release of information necessary for reproducing and modifying such software to recipients of its executable versions.
4.5. Nothing in this Agreement grants the CLIENT any rights whatsoever to, or relating to the source code of the Software, beyond the limited right to place MARFEEL’s JavaScripts on the CLIENT’S website(s). All ownership rights, title, and Intellectual Property Rights in the SERVICE(S) shall remain with MARFEEL and/or its licensors.
4.6. MARFEEL is the owner of all the Intellectual Property rights over the SERVICE(S), the trademarks, distinctive signs and contents associated with it, which have not been generated by clients, partners or collaborators.
4.7. The CLIENT acknowledges that MARFEEL may use its name and/or logo for awards, case studies, public relations and other marketing purposes, unless the CLIENT instructs otherwise by giving MARFEEL a written notice.
4.8. The CLIENT acknowledges that MARFEEL may need to access the CLIENT’s platform for the following purposes: to ensure that the SERVICE(S) is provided to the expected level, to optimize the platform or to verify that the platform is functioning adequately, unless otherwise specified via a written statement from the CLIENT.
5.- WARRANTY DISCLAIMER
5.1. MARFEEL guarantees that the provision of the SERVICE(S) will be performed in a professional manner and with all necessary measures to ensure correct performance. However, MARFEEL does not warrant merchantability, fitness for a particular purpose or noninfringement. The SERVICE is provided by the COMPANY and its licensors "as is’’ and “as available”. The CLIENT assumes all risks associated with the use of the SERVICES. Moreover, while MARFEEL will make its best effort to provide accurate classification concerning traffic, sources and channels, it cannot always guarantee precision in this classification. This is because the data is sourced from Tech Providers, who might sometimes deliberately hide or disguise attributes, affecting accurate classification. For this reason, any claims of imprecision cannot constitute grounds for early termination of the contract, nor can they be a basis to request any kind of compensation.
5.2. In relation to MARFEEL MONITORING (either as an upsell or as a standalone service), this product relies on the information gathered from different monitored platforms (e.g. social platforms or Google Discover). Due to the rapid and constant evolution of these platforms, MARFEEL cannot predict with certainty if MARFEEL MONITORING will be subjected to updates, enhancements, eliminations of certain features or modifications of any kind. MARFEEL will provide the MARFEEL MONITORING tool using reasonable care and skill. However, if MARFEEL were to disable access to the MARFEEL MONITORING tool (in whole or in part), it would cease charging clients who had purchased the product (if billed monthly), or if the CLIENT had paid an annual fee upfront (or several annualities), it will receive a refund of the unaccrued amounts. If MARFEEL MONITORING has been contracted as an upsell, the discontinuation of this service shall not imply the termination of the general contract with MARFEEL.
5.3. Third-Party Platform Integrations: CLIENT may choose to use MARFEEL AMPLIFY, which integrates with third-party platforms (such as social networks, analytics tools, or ad services). If CLIENT decides to connect with any third-party platform, it does so at its own risk and CLIENT is solely responsible for complying with that platform’s terms and policies. These integrations are offered for the CLIENT’s convenience and are entirely optional.
MARFEEL does not control and is not responsible for the availability, performance, or decisions made by these third-party platforms, including any action they may take on CLIENT’s account (such as limiting, suspending, or terminating it). MARFEEL does not guarantee that integrations will function without disruptions or changes, and it shall not be liable for, nor will indemnify against, any issues that arise from CLIENT’s use of or reliance on these third-party platforms. CLIENT releases MARFEEL, its affiliates, and their respective directors, officers, employees, and agents from any claims or consequences arising out of or related to CLIENT’s use of third-party platform integrations.
5.4. Compliance with Applicable AI Laws: CLIENT shall be solely responsible for complying with all applicable laws and legal instruments, including acts, orders, regulations, local laws, and official guidance concerning transparency and disclosure obligations arising from the use of artificial intelligence systems, including without limitation: (i) the EU Artificial Intelligence Act; (ii) any applicable federal or state laws or regulations in the United States; and (iii) any other such instruments applicable in the CLIENT’s jurisdiction. CLIENT must ensure that any AI-generated content provided to end users includes all required disclosures under applicable law and is solely responsible for their form, accuracy, and timely delivery. MARFEEL shall have no liability for the CLIENT’s non-compliance and no obligation to advise or monitor compliance. CLIENT agrees to indemnify and hold MARFEEL harmless against any losses or claims arising from such non-compliance.
6.- LIMITATION OF LIABILITY
6.1. Without prejudice to MARFEEL´s liability for direct damages, in no event shall MARFEEL and/or its officers, directors, employees, agents or representatives be liable for any indirect, special, incidental, consequential, exemplary or punitive damages, or loss of profits, arising from or related to the CLIENT’s use, misuse, or inability to use the SERVICE(S). This includes but but is not limited to contract or tort even if MARFEEL was or should have been aware or advised of the possibility of such damages; or (ii) for any claim attributable to errors, omissions, or other inaccuracies in the SERVICE(S) or destructive properties of the SERVICE(S).
MARFEEL’s aggregate liability for direct damages under this Contract shall not exceed the payments made by the CLIENT during the year in which the claim arose. The aforementioned limitations of liability will not apply to liability arising from gross negligence or willful misconduct.
7.- INDEMNIFICATION
7.1. The CLIENT hereby agrees, to indemnify, defend and hold harmless MARFEEL, its licensors, subcontractors, and its respective directors, officers, shareholders, employees and agents, at its expense, from and against losses, damages, expenses, liabilities and costs stemming from third party claims, actions, or allegations made against MARFEEL relating to, incurred in connection with, or based upon: i) The CLIENT’s use of the SERVICE(S) in violation of this contract; ii) infringement resulting from information, data or content submitted in connection with the SERVICE(S); and/or; iii) The CLIENT’s infringement or potential infringement of any trademark, copyright, and/or intellectual property rights. The CLIENT will reimburse MARFEEL for all necessary expenditures in connection with such claims.
8.- NON-DISCLOSURE AND CONFIDENTIAL INFORMATION
8.1. The PARTIES acknowledge that all information related to the hiring and performance of the SERVICE(S) is confidential. Therefore, each PARTY agrees not to disclose, use, copy or make such information available to third parties unless it obtains prior written consent from the other PARTY. If any governmental agency requires the information, the disclosing PARTY must give the other PARTY reasonable advance written notice of the agency’s request before making such a disclosure.
8.2. Use of data for media studies. Notwithstanding any provision of this Agreement, the Parties agree that Marfeel may use the data collected in an anonymized, aggregated, and non-identifiable manner, ensuring privacy, for statistical purposes and to conduct media studies, such as trend analysis and performance metrics, to improve its services and provide MARFEEL’s client network with general reports and statistics.
9.- DATA PROCESSING
9.1. MARFEEL, as Data Processor, undertakes to process personal data on behalf of the CLIENT following its instructions, according to article 28 of the General Data Protection Regulation (GDPR). Likewise, for MARFEEL EXPERIENCES (e.g. MarfeelPass, Marfeel Forms, etc.), any personal data collected by MARFEEL, will not be used for its own purposes. This Contract will be subject to the DPA attached as Appendix A.
9.2. The CLIENT declares that it knows the content of MARFEEL PRIVACY POLICY located at Marfeel Saas Privacy Policy
9.3. For the processing of Personal Data of: a) California users and households, please refer to Data protection under the California consumer privacy act ("CCPA") ; b) Users located in the Federative Republic of Brazil, please refer to Data Protection under Brazilian data protection law ("LGPD").
9.4. Personal data of the PARTIES, as well as that of individuals responsible for monitoring or executing the agreement, will be collected and processed, respectively, by MARFEEL and the CLIENT for the following purposes:
-
To manage the contractual relationship adequately with the company they represent or for which they work.
-
To maintain commercial contact with the company they represent or for which they work.
The legal basis legitimizing the processing of personal data is the existence of a legal or contractual relationship.
The data will be processed for the duration of the contractual relationship between the PARTIES. Once the contractual relationship concludes, the data shall be blocked for the period during which any liability might arise from the processing or the contract. Once this legal period of limitation and these responsibilities have expired, the data will be deleted.
Data subjects have the right to access, rectify, delete, limit, and oppose the processing of the data, as well as to exercise the other rights recognized in the current legislation on data protection, by contacting the corresponding data controller at the following address:
•MARFEEL: The contact details of the Data Protection Officer are the following: e-mail: dpo@marfeel.com; Address: Avenida Josep Tarradellas, 20-30, sixth floor. 08029 – Barcelona.
•MARFEEL’s UK Representative: MARFEEL is required to have a representative under the UK General Data Protection Regulation (and the Data Protection Act 2018). MARFEEL has appointed Oury Clark as our UK Representative for Data Protection purposes in the UK. You may contact our UK Representative via:
Email: dataprotection@ouryclark.com
Phone: +44 (0) 20 7067 4300;
Post: 10 John Street, London, WC1N 2EB, United Kingdom
When contacting the UK Representative, please include the word “Marfeel” in the subject of any emails or communications related to such inquiries.
•CLIENT: the e-mail and postal address provided at the time of the contract. They may also file a claim with the competent data protection authority.
9.5. If the CLIENT is contracting MARFEEL MONITORING as a standalone service, the following clauses in this Section 9 shall not apply, nor the DPA attached as Appendix A. This is because Marfeel Monitoring relies on information which (i) is not classified as “personal data” under the General Data Protection Regulation (GDPR); (ii) is public information gathered from different monitored platforms; and (iii) does not relate to identifiable individuals.
10.- GENERAL CLAUSES
10.1. Neither PARTY may assign, in whole or in part, its rights or duties under these terms to a third PARTY without the prior written consent of the other PARTY, except for a merger, acquisition or sale of all or substantially all of the PARTY’s assets, stock or business or any other corporate transaction.
10.2. Notifications must be addressed to the following addresses: (i) MARFEEL: Av Josep Tarradellas 20-30, 6th Floor, 08029 Barcelona (Spain); TAX ID: ESB65651259; email: finance@marfeel.com (ii) CLIENT: to the address appointed in the SERVICE ORDER FORM(S). (iii) Notifications conducted this way will take effect as of the date of receipt or, alternatively, from the tenth day following shipment.
10.3. These GTOS, combined with the SERVICE ORDER FORM(S), and any provision agreed in the OBSERVATIONS section of MARFEEL’s contracting platform, collectively represent the valid agreement between the PARTIES. Any amendments to these documents must be mutually agreed upon.
Should there be a conflict among any provisions in the aforementioned documents, the following order of precedence shall apply: i) Firstly the OBSERVATIONS section; ii) Secondly, the SERVICE ORDER FORM(S); iii) Lastly, the GTOS.
Any communication – whether written or oral - that is not documented in the GTOS, the OBSERVATIONS section of MARFEEL’s contracting platform, or the SERVICE ORDER FORM(S) shall not be considered valid, with the exception of a contract termination, which is governed by Section 3.
10.4. Dispute Resolution. If a dispute arises in connection with these GTOS or any documents set out in clause 10.3 above, either Party may send a written notice to the other (a “Dispute Notice”). Within 90 days of that Dispute Notice, the Parties will meet (virtually or in person) to try to resolve the issue in good faith. Each Party must be represented by someone with authority to settle the matter. If the dispute is not resolved within 90 days, the Parties will consider mediation in good faith under the Rules of Mediation of the International Chamber of Commerce.
10.5. These GTOS and any other related contract signed by the PARTIES, shall be interpreted, governed, and construed in accordance with Spanish laws, excluding any other national, regional, or local law. Waiving any other jurisdiction, the PARTIES agree to submit any disputes or discrepancies arising from these conditions to the exclusive jurisdiction of the Courts in the city of Barcelona.
10.6. If the CLIENT accepting this Contract does so on behalf of a company or another legal entity, the person hereby warrants that they have the authority to bind such entity to this Contract.
10.7. MARFEEL may update these GTOs if required for legal and/or regulatory reasons (e.g., to comply with the set of regulations derived from the EU Artificial Intelligence Act).
10.8. If any provision of the GTOS is deemed invalid, unlawful or unenforceable by a competent Court or future legislative action, such a finding shall not limit or preclude the validity or enforceability of the remaining provisions in this document. Any invalidated provision will be replaced with one of a similar effect that reflects the original intent.
APPENDIX A
DATA PROCESSING AGREEMENT
MARFEEL in order to perform the SERVICE(S) specified in the GTOS, will act as the Processor processing personal data on behalf of the CLIENT, who will act as the Controller, in accordance with the conditions stipulated in this DPA. The processing will be executed exclusively within the framework of the GTOS and for all purposes mutually agreed upon subsequently.
Term
This DPA complements the primary contract for the provision of the SERVICE(S); therefore its duration is aligned with that of the GTOS.
Nature and purpose of the processing
The purpose is to generate real-time statistics based on website visitors, enabling the Controller to monitor activity on their website, and segment visitors according to the Controller’s criteria.
Categories of Personal Data:
Device Information:
- IP address
- Operating system version
- Device model
- Country of access
- Navigation level
- User agent
- User ID
User Navigation information:
- Device Information: Details about the device a visitor uses to access the Publisher’s website, which includes device model, operating system and version, unique device identifier, and mobile network details.
- Location information: Data such as IP address, time zone, and mobile service provider, which helps to determine the general location of website visitors.
- User Navigation Information: Specifics regarding a user’s interaction with the Publisher’s website. Specifically, this includes usage frequency, sections visited, functionalities utilized, time spent in each section, scrolling activity, etc.
Information provided by the Publisher:
- Publishers may submit some personal information, such as visitor user ID on the Publisher’s website.
Information deduced or calculated through MARFEEL proprietary software tool:
- All the information collected allows to generate information regarding visitors interests (e.g. engagement to the media, favorite sections, contents, authors, etc. of the Publisher’s website or other similar parameters.
Categories of Data Subject:
Website(s) visitors.
CONTROLLER OBLIGATIONS
In addition to adhering to the obligations specified in the GTOS, the Regulation (EU) 2016/679 General Data Protection Regulation (GDPR), or all other applicable laws relating to processing of personal data and privacy that may exist in any relevant jurisdiction, the Controller must also fulfill the following obligations in performance of the following tasks:
A. Supply the Processor with the data referred to in this document and provide the necessary instructions for the processing of such data.
B. Inform the website’s visitors about the processing of their data through the software. The information must comply with the provisions established in Articles 12 and 13 of the GDPR. MARFEEL will not be held responsible for failure to comply or inadequacies in meeting the information obligation.
C. Though MARFEEL might provide support or guidance concerning the configuration and implementation of mechanisms to inform and obtain the consent of website visitors in relation to said cookies, adhering to these obligations remains the CLIENT’s responsibility. Any proposal made by MARFEEL in relation to the information and consent of website visitors should be considered merely as recommendations based on standard practices, and not as legal or any other form of advice on the subject. MARFEEL cannot be held accountable for the decisions made by the CLIENT based on information provided by MARFEEL; such decisions are made at the CLIENT’s own risk.
D. Address requests related to the exercise of data subject rights, such as access, rectification, deletion and opposition, restriction or limitation of processing, data portability and the right not to be subjected to automated individual decisions, in collaboration with the Processor.
E. Conduct, if appropriate, an assessment of the impact that the processing operations carried out by the Processor have on personal data protection.
F. Ensure the Processor’s compliance with applicable data protection regulations both prior to and during the processing.
G. Supervise the processing, including the conduction of inspections and audits.
H. Notify the Processor of any changes in the provided personal data, to ensure that it is updated.
PROCESSOR OBLIGATIONS
A. The Processor shall only utilize the personal data as directed by the Controller and will only process the personal data based solely on documented instructions from the Controller.
B. All personal data processed on the Controller’s behalf shall remain property of the Controller and/or the relevant Data subjects. The Processor shall not unilaterally decide on the processing of personal data for other purposes, including decisions about sharing it with third parties or the duration of the data storage.
C. The Processor will endeavor to take adequate technical and organizational measures against loss or any form of unlawful processing (such as unauthorized disclosure, deterioration, alteration or disclosure of personal data) in relation to the processing of personal data under this DPA.
Data collected on behalf of the Controller for the provision of the services described in the GTOS, will be anonymized. Each Data Subject will be assigned a randomly generated identification code and/or any other type of anonymization technique in order to minimize data that could directly or indirectly identify them (e.g. anonymizing the last octet of the IP address).
D. The Processor shall ensure compliance with applicable laws and regulations, including those governing the protection of personal data, such as the GDPR.
E. In the event of a security leak and/or data leak, as defined in article 34a of the GDPR, the Processor will, to the best of its ability, promptly notify the Controller. The Controller will then determine whether to inform the Data subjects and/or the relevant regulatory authority(ies). This reporting obligation is mandatory regardless of the impact of the leak. The Processor will endeavor to ensure that the furnished information is complete, correct, and accurate. The reporting will include: the (suspected) cause of the leak; the (presently known and/or expected) consequences; the (proposed) solution; and the measures already implemented.
The Processor will support the Controller in meeting the obligation to report personal data breaches as stipulated by the GDPR (specifically, articles 33 and 34 of the GDPR) and any other applicable regulation, present or future, that modifies or complements these obligations.
F. Maintain a written record of processing activities conducted on behalf of the person in charge.
G. The processor shall not share, disclose or transfer the personal data in its custody to third parties, not even for storage purposes, without the express authorization of the Controller. The Processor may communicate the data to other data processors.
H. Guarantee that employees authorized to process personal data receive adequate training in data protection. The Processor will also ensure that employees or other individuals authorized to process the personal data under this Agreement are either committed to confidentiality or are bound by an appropriate statutory confidentiality obligation.
I. Assist the Controller in:
a) Performing audits or inspections, conducted either by the Controller or by another auditor authorized by the Controller. The audits may be carried out periodically, either in a planned manner or “ad hoc” way. At the most, they can be conducted once a year, unless specific circumstances justify exceeding this frequency. Audits should be scheduled after giving the Processor 20 calendar day notice and should take place during the Processor’s regular working hours.
b) Conducting impact assessments on the protection of personal data related to the operations carried out by the Data Processor and, if necessary, facilitating prior consultations with the supervisory authority.
J. Upon the conclusion of the provision of SERVICE(S) related to processing, either delete or return all the personal data to the Controller and erase existing copies, unless Union or Member State law mandates the storage of the personal data. The Processor may retain a copy with the data duly blocked, should any responsibilities arise from the execution of the SERVICE(S). The Processor should also take reasonable measures to periodically review retained data and delete or anonymize it for statistical purposes when it is no longer needed.
K. Upon request, provide the Controller with all necessary information to demonstrate compliance with the obligations set out in this DPA.
Limitation of Liability:
The Processor is solely responsible for processing the personal data in accordance with the Controller’s instructions and under the Controller’s (ultimate) responsibility. The Processor is expressly not liable for other personal data processing activities, which includes but is not limited to, processing for purposes not reported by the Controller to the Processor, and data processing by third parties and / or for other purposes.
The Controller guarantees and warrants that it has express consent and/or a legal basis to process the relevant personal data. Furthermore, the Controller represents and warrants that the contents are not unlawful and do not infringe the rights of any third party. In this context, the Controller will defend, indemnify, and hold the Processor harmless from all third-party claims and actions related to the unauthorized processing of personal data and/or any breach of this DPA by the Controller. For further information, refer to Opinion 2/2010 on behavioral advertising by the Article 29 Working Group.
Engaging subcontractors:
Through this agreement, the CLIENT grants a general authorization to the Data Processor to engage other third parties as sub-processors for data processing within the scope of the SERVICE(S).
Should the Data Processor intend to replace existing sub-processors or engage additional sub-processors, it must notify the CLIENT beforehand and in writing, providing a minimum notice period of 15 natural days. This notification should specify the data processing activities intended to be subcontracted and clearly identify the subcontractor together with its contact details.
The sub-contracting may proceed if the CLIENT does not express any objection within the given period.
In there is an objection, and MARFEEL considers that providing the SERVICE(S) without the proposed change becomes burdensome, the following steps will be taken:
- Firstly, both PARTIES will collaborate to reach an agreeable solution within a 30-day period. This solution might involve considering the engagement of a new service provider, if technically feasible, and/ or billing the CLIENT any additional costs associated with maintaining the current service provider or engaging a new one.
- If no mutually agreeable solution is reached, either PARTY may terminate this agreement without any compensation.
Any reimbursement, when applicable, will be subject to the terms outlined in section 3.5 of the GTOS.
In any event, the Data Processor shall ensure that such third parties are obligated to accept the same obligations in writing, as agreed between the Data Controller and the Data Processor.
Currently, MARFEEL has contracts with the following data hosting service providers:
- SCALEWAY, SAS located in France which guarantees a high level of security and availability of the information systems and that provides data hosting services.
- HETZNER ONLINE GMBH located in Germany which guarantees a high level of security and availability of the information systems and that provides data hosting services.
- OVH HISPANO S.L., located in Spain which guarantees a high level of security and availability of the information systems and that provides data hosting services.
International Transfer:
The Processor may process the personal data in countries outside the European Union or the European economic area, only with subcontractors that guarantee an adequate level of protection.
If the Controller is an entity located outside the European Economic Area (EEA), all flows of personal data from the Processor (Exporter) to the Controller (Importer) obtained or derived from the provision of the SERVICE(S) stated in the GTOS, must comply with the conditions stipulated in Chapter V of GDPR. Consequently, to meet these criteria, the CLIENT and MARFEEL under Article 46(2)(c) of Regulation (EU) 2016/679, declare and acknowledge that by signing this GTOS, the Standard Contractual Clauses Module IV, as adopted by the European Commission on July 4, 2021 in resolution C (2021) 3701, contained in the following link, will be an integral part of this DPA: https://community.marfeel.com/t/module-4-scc/11412