Marfeel SaaS General Terms of Service GTOS

Last update: May 14, 2024

1. SCOPE OF THE AGREEMENT

1.1. MARFEEL SOLUTIONS, SL (hereinafter MARFEEL) will provide the SERVICE(S) stated in the SERVICE ORDER FORM(S) on the CLIENT’s websites covered, in accordance with the General Terms of Service (hereinafter GTOS), the SERVICE ORDER FORM(S) and any provision agreed in the OBSERVATIONS section of MARFEEL’s contracting platform. MARFEEL and the CLIENT will be individually referred to as PARTY and jointly referred to as PARTIES.

1.2. MARFEEL and the CLIENT may introduce new SERVICE(S) governed by this GTOS or modify existing ones, by mutually signing an additional SERVICE ORDER FORM(S).

2. FEES AND PAYMENT

2.1. Except for any Free Period, invoices will be issued upfront in accordance with the conditions stated in the Billing Frequency section of the SERVICE ORDER FORM(S). Invoices must be paid within 10 days of the issuance date. If payment is delayed, MARFEEL may charge the maximum conventional interest rate, set by the competent public authority and allowed by regulations from the date the payment was due until it is fully paid.

2.2. CLIENT must pay in EUROS or US DOLLARS, net of all banking fees, taxes, levies, or duties imposed by taxing authorities. CLIENT is responsible for payment of all such fees, taxes, levies, or duties. If CLIENT is required to withhold any portion of SERVICE(S) fees due to payments to banks or taxing authorities, it agrees: (i) to make the necessary withholding and to indemnify MARFEEL should it fail to do so, and (ii) that MARFEEL is entitled to receive the full amount for the SERVICE(S), net of any such withholdings. Therefore MARFEEL reserves the right to adjust the pricing of the SERVICE(S) to ensure receipt of the full amount.

3. TERM AND TERMINATION

3.1. This GTOS will remain in effect for the term specified in the SERVICE ORDER FORM(S). It will automatically renew for the same term unless either party provides written termination notice of at least two (2) months before the end of the current term.

If CLIENT fails to comply with the notice period, the SERVICE ORDER FORM(S) will be automatically renewed for the same term.

3.2. Notwithstanding clause 3.1, CLIENT has the right to terminate the GTOS for any reason within a 4 week period counted from the start day of using the product in the initial SERVICE ORDER FORM. However, this right will not apply to upsells, add- ons, requests of new SERVICES governed by this GTOS and/or modification of current SERVICES.

3.3. MARFEEL may, permanently or temporarily, suspend, terminate or refuse to permit the CLIENT’s use of the SERVICE(S), if MARFEEL determines that the CLIENT : i) fails to comply or is reasonable likely to violate any provision stated herein or any other instruction provided by MARFEEL; ii) does not use the SERVICE(S) in a fair and honest manner; iii) fails to cooperate with MARFEEL to ensure the fulfillment of the contract; or iv) uses the SERVICE(S) in a way that might hinder the performance of the SERVICE(S) or MARFEEL’s networks.

CLIENT has 10 calendar days from the date of receiving a notice from MARFEEL to cure the breach or take reasonable steps to remedy the violation. If the breach or potential breach is not remedied within such period, MARFEEL may take the actions mentioned above.

3.4. Upon termination of this Agreement, all licenses, and any other rights and SERVICE(S) provided by MARFEEL to the CLIENT under this Contract, will cease immediately. Unless otherwise specified in the applicable SERVICE ORDER FORM(S), MARFEEL will have no obligation to store, retain or provide any Traffic Data (historical or otherwise) to the CLIENT.

3.5. In the event of early termination, MARFEEL will only reimburse the CLIENT for the prorated amount of unaccrued fees. Under no circumstances will the onboarding fee be reimbursed.

Survival: Sections 2, 5 through 8 inclusive, and section 10.4 will survive any termination of this Contract. Upon termination of this Contract, the CLIENT must cease any further use of the SERVICE(S).

4. RIGHTS AND OBLIGATIONS

4.1. MARFEEL grants the CLIENT a non-sublicensable, non-transferable, non-exclusive, revocable, limited license to use: (i) the SERVICE(S) and (ii) certain proprietary documentation generally made available by MARFEEL for use with the Software (the “Documentation”) solely for receiving the MARFEEL´S SERVICE(S). The CLIENT’s use of the SERVICE(S) must adhere to the terms and conditions of this GTOS in compliance with Laws and the applicable policies set by MARFEEL. MARFEEL also grants a non-exclusive, non-transferable, revocable, limited license to access and use its API solely in connection with the use of the SERVICE(S).

4.2. The CLIENT agrees to: (i) use the SERVICE(S) in accordance with this GTOS, SERVICE ORDER FORM(S), DATA PROCESSING AGREEMENT (hereinafter “DPA”) and the OBSERVATIONS section on MARFEEL´S contracting platform. (ii) be responsible for its’ users compliance within this Contract; (iii) acknowledge that MARFEEL may change, modify, add to or discontinue or retire any aspect or feature of its SERVICE(S) at any time without any obligation to notify the CLIENT, provided there is no change to the description of the SERVICE(S) specified in the SERVICE ORDER FORM(S). If there is any modification to the features of the SERVICE(S) as stated in the SERVICE ORDER FORM(S), these modifications will be solely to the benefit of the CLIENT. In that event, MARFEEL will notify the CLIENT with a 15 business day written notice. Occasionally, MARFEEL may release upgrades, fixes or new versions of the SERVICE(S), but these upgrades might not be consistent across all platforms and devices; (iv) use commercially reasonable efforts to prevent unauthorized use or access to the SERVICE(S) by any third party, any account or password, or any copying of the software. The CLIENT will notify MARFEEL immediately of any such unauthorized activities and will not provide access to the SERVICE(S) to any unauthorized personnel and/ or any third party; and (v) MARFEEL is not responsible for the content or texts that appear in MARFEEL EXPERIENCES (e.g. MarfeelPass, Marfeel Forms, etc.) and the CLIENT is solely responsible for seeking proper guidance and legal assistance to ensure that all texts comply with Data Protection and other applicable regulations.

4.3. The CLIENT shall retain all rights to the Traffic Data, subject to the rights and licenses granted in this agreement. “Traffic Data” refers to all data and information created, received, processed, or provided by MARFEEL while performing the SERVICE(S), or resulting from the performance of the SERVICE(S) for the CLIENT. Through this agreement, the CLIENT grants MARFEEL the necessary rights to access and monitor Traffic Data related to the CLIENT’S website, solely in connection with providing the SERVICE(S) during the term of this Contract. MARFEEL does not claim ownership of the Traffic Data.

4.4. The CLIENT shall not, and shall not permit others to: (i) reverse engineer, disassemble, or decompile of any part of the SERVICE(S); (ii) remove any copyright notices, trademarks or other proprietary notices or restrictions from the SERVICE(S); (iii) use or modify the SERVICE(S) in a manner that would subject the software, either in whole or in part, to a Copyleft License (as defined below); (iv) use the SERVICE(S), or permit it to be used, for purposes of benchmarking, performance tests or other comparative analysis intended for publication or disclosure to third parties; (v) except as permitted by this Contract, directly or indirectly: distribute, disclose, communicate, sell, sublicense, rent, lease, market, use or commercialize the SERVICE(S) (or any part thereof); (vi) provide the SERVICE(S) on a time sharing, hosting company, or similar basis; (vii) replicate any features, functions or graphics of the Product beyond what is expressly authorized in this Contract; (viii) send, store, access or authorize a third party to send, store or access spam, unlawful, infringing, obscene or libelous material as well as viruses, worms, time bombs, Trojan horses and other harmful or malicious code, files, scripts, agents or programs; (ix) interfere with or disrupt the integrity or performance of the SERVICE(S). “Copyleft License” refers to a software license that mandates the public release of information necessary for reproducing and modifying such software to recipients of its executable versions.

4.5. Nothing in this Agreement grants the CLIENT any rights whatsoever to, or relating to the source code of the Software, beyond the limited right to place MARFEEL’s JavaScripts on the CLIENT’S website(s). All ownership rights, title, and Intellectual Property Rights in the SERVICE(S) shall remain with MARFEEL and/or its licensors.

4.6. MARFEEL is the owner of all the Intellectual Property rights over the SERVICE(S), the trademarks, distinctive signs and contents associated with it, which have not been generated by clients, partners or collaborators.

4.7. The CLIENT acknowledges that MARFEEL may use its name and/or logo for awards, case studies, public relations and other marketing purposes, unless the CLIENT instructs otherwise by giving MARFEEL a written notice.

4.8. The CLIENT acknowledges that MARFEEL may need to access the CLIENT’s platform for the following purposes: to ensure that the SERVICE(S) is provided to the expected level, to optimize the platform or to verify that the platform is functioning adequately, unless otherwise specified via a written statement from the CLIENT.

5. WARRANTY DISCLAIMER

5.1. MARFEEL guarantees that the provision of the SERVICE(S) will be performed in a professional manner and with all necessary measures to ensure correct performance. However, MARFEEL does not warrant merchantability, fitness for a particular purpose or noninfringement. The SERVICE is provided by the COMPANY and its licensors "as is’’ and “as available”. The CLIENT assumes all risks associated with the use of the SERVICES. Moreover, while MARFEEL will make its best effort to provide accurate classification concerning traffic, sources and channels, it cannot always guarantee precision in this classification. This is because the data is sourced from Tech Providers, who might sometimes deliberately hide or disguise attributes, affecting accurate classification. . For this reason, any claims of imprecision cannot constitute grounds for early termination of the contract, nor can they be a basis to request any kind of compensation.

6.- LIMITATION OF LIABILITY

6.1. Without prejudice to MARFEEL´s liability for direct damages, in no event shall MARFEEL and/or its officers, directors, employees, agents or representatives be liable for any indirect, special, incidental, consequential, exemplary or punitive damages, or loss of profits, arising from or related to the CLIENT’s use, misuse, or inability to use the SERVICE(S). This includes but but is not limited to contract or tort even if MARFEEL was or should have been aware or advised of the possibility of such damages; or (ii) for any claim attributable to errors, omissions, or other inaccuracies in the SERVICE(S) or destructive properties of the SERVICE(S).

MARFEEL’s aggregate liability for direct damages under this Contract shall not exceed the payments made by the CLIENT during the year in which the claim arose. The aforementioned limitations of liability will not apply to liability arising from gross negligence or willful misconduct.

7. INDEMNIFICATION

7.1. The CLIENT hereby agrees, to indemnify, defend and hold harmless MARFEEL, its licensors, subcontractors, and its respective directors, officers, shareholders, employees and agents, at its expense, from and against losses, damages, expenses, liabilities and costs stemming from third party claims, actions, or allegations made against MARFEEL relating to, incurred in connection with, or based upon: i) The CLIENT’s use of the SERVICE(S) in violation of this contract; ii) infringement resulting from information, data or content submitted in connection with the SERVICE(S); and/or; iii) The CLIENT’s infringement or potential infringement of any trademark, copyright, and/or intellectual property rights. The CLIENT will reimburse MARFEEL for all necessary expenditures in connection with such claims.

8. NON-DISCLOSURE AND CONFIDENTIAL INFORMATION

8.1. The PARTIES acknowledge that all information related to the hiring and performance of the SERVICE(S) is confidential. Therefore, each PARTY agrees not to disclose, use, copy or make such information available to third parties unless it obtains prior written consent from the other PARTY. If any governmental agency requires the information, the disclosing PARTY must give the other PARTY reasonable advance written notice of the agency’s request before making such a disclosure.

9. DATA PROCESSING

9.1. MARFEEL, as Data Processor, undertakes to process personal data on behalf of the CLIENT following its instructions, according to article 28 of the General Data Protection Regulation (GDPR). Likewise, for MARFEEL EXPERIENCES (e.g. MarfeelPass, Marfeel Forms, etc.), any personal data collected by MARFEEL, will not be used for its own purposes. This Contract will be subject to the DPA attached as Appendix A.

9.2. The CLIENT declares that it knows the content of MARFEEL PRIVACY POLICY located at https://community.marfeel.com/t/marfeel-saas-privacy-policy/7500

9.3. For the processing of Personal Data of: a) California users and households, please refer to https://community.marfeel.com/t/annex-1-data-protection-under-the-california-consumer-privacy-act-ccpa/7501 ; b) Users located in the Federative Republic of Brazil, please refer to https://community.marfeel.com/t/annex-2-data-protection-under-brazilian-data-protection-law-lgpd/7502.

9.4. Personal data of the PARTIES, as well as that of individuals responsible for monitoring or executing the agreement, will be collected and processed, respectively, by MARFEEL and the CLIENT for the following purposes:

  • To manage the contractual relationship adequately with the company they represent or for which they work.
  • To maintain commercial contact with the company they represent or for which they work.

The legal basis legitimizing the processing of personal data is the existence of a legal or contractual relationship.

The data will be processed for the duration of the contractual relationship between the PARTIES. Once the contractual relationship concludes, the data shall be blocked for the period during which any liability might arise from the processing or the contract. Once this legal period of limitation and these responsibilities have expired, the data will be deleted.

Data subjects have the right to access, rectify, delete, limit, and oppose the processing of the data, as well as to exercise the other rights recognized in the current legislation on data protection, by contacting the corresponding data controller at the following address:

•MARFEEL: The contact details of the Data Protection Officer are the following: e-mail: dpo@marfeel.com; Address: Avenida Josep Tarradellas, 20-30, sixth floor. 08029 – Barcelona.
•The CLIENT: the e-mail and postal address provided at the time of the contract. They may also file a claim with the competent data protection authority.

10. GENERAL CLAUSES

10.1. Neither PARTY may assign, in whole or in part, its rights or duties under these terms to a third PARTY without the prior written consent of the other PARTY, except for a merger, acquisition or sale of all or substantially all of the PARTY’s assets, stock or business or any other corporate transaction.

10.2. Notifications must be addressed to the following addresses: (i) MARFEEL: Av Josep Tarradellas 20-30, 6th Floor, 08029 Barcelona (Spain); TAX ID: ESB65651259; email: finance@marfeel.com (ii) CLIENT: to the address appointed in the SERVICE ORDER FORM(S). (iii) Notifications conducted this way will take effect as of the date of receipt or, alternatively, from the tenth day following shipment.

10.3. This GTOS, combined with the SERVICE ORDER FORM(S), and any provision agreed in the OBSERVATIONS section of MARFEEL’s contracting platform, collectively represent the valid agreement between the PARTIES. Any amendments to these documents must be mutually agreed upon.

Should there be a conflict among any provisions in the aforementioned documents, the following order of precedence shall apply: i) Firstly the OBSERVATIONS section; ii) Secondly, the SERVICE ORDER FORM(S); iii) Lastly, the GTOS.

Any communication – whether written or oral - that is not documented in the GTOS, the OBSERVATIONS section of MARFEEL’s contracting platform, or the SERVICE ORDER FORM(S) shall not be considered valid, with the exception of a contract termination, which is governed by Section 3.

10.4. These GTOS and any other related contract signed by the PARTIES shall be interpreted, governed, and construed in accordance with Spanish laws, excluding any other national, regional, or local law. Waiving any other jurisdiction, the PARTIES agree to submit any disputes or discrepancies arising from these conditions to the exclusive jurisdiction of the Courts in the city of Barcelona.

10.5. If any provision of the GTOS is deemed invalid, unlawful or unenforceable by a competent Court or future legislative action, such a finding shall not limit or preclude the validity or enforceability of the remaining provisions in this document. Any invalidated provision will be replaced with one of a similar effect that reflects the original intent.

APPENDIX A

DATA PROCESSING AGREEMENT

MARFEEL as Processor undertakes to process personal data on behalf of the CLIENT, who acts as the Controller, in accordance with the conditions stipulated in this DPA. The processing will be executed exclusively within the framework of the GTOS and for all purposes mutually agreed upon subsequently.

Object

To deliver the SERVICE(S) under the framework of the GTOS and provide the SERVICE(S) effectively, the Processor may access personal data for which the Controller is responsible.

The Processor is obligated to process Personal Data as needed in order to perform the SERVICE(S) specified in the GTOS.

Term

This DPA complements the primary contract for the provision of the SERVICE(S); therefore its duration is aligned with that of the GTOS.

Nature and purpose of the processing

The purpose is to generate real-time statistics based on website visitors, enabling the Controller to monitor activity on their website, and also segment visitors according to theController’s criteria.

Categories of Personal Data:

Device Information: IP address, Operating system version, Device model, Country of access, Navigation level, User agent, User ID.

User Navigation information:

Device Information: Details about the device a visitor uses to access the Publisher’s website, which includes device model, operating system and version, unique device identifier, and mobile network details.

Location information: Data such as IP address, time zone, and mobile service provider, which helps to determine the general location of website visitors.

User Navigation Information: Specifics regarding a user’s interaction with the Publisher’s website. Specifically, this includes usage frequency, sections visited, functionalities utilized, time spent in each section, scrolling activity, etc.

Information provided by the Publisher:

Publishers may submit some personal information, such as visitor user ID on the Publisher’s website.

Information deduced or calculated through MARFEEL proprietary software tool:

All the information collected allows to generate information regarding visitors interests (e.g. engagement to the media, favorite sections, contents, authors, etc. of the Publisher’s website or other similar parameters.

Categories of Data Subject:

Website(s) visitors.

Controller obligations

In addition to adhering to the obligations specified in the GTOS, the Regulation (EU) 2016/679 General Data Protection Regulation (GDPR), or all other applicable laws relating to processing of personal data and privacy that may exist in any relevant jurisdiction, the Controller must also fulfill the following obligations in performance of the following tasks:

A. Supply the Processor with the data referred to in this document and provide the necessary instructions for the processing of such data.

B. Inform the website’s visitors about the processing of their data through the software. The information must comply with the provisions established in Articles 12 and 13 of the GDPR. MARFEEL will not be held responsible for failure to comply or inadequacies in meeting the information obligation.

C. Collect data from website visitors using the appropriate legal basis. The CLIENT acknowledges that the SERVICE(S) may entail the installation of tracking devices in the browsers of website visitors (e.g. cookies). Hence the CLIENT must adhere to regulations concerning their usage and installation/implementation. In this context and when required by applicable regulations, the CLIENT is obliged to offer clear and comprehensive information about the purposes of any cookie or similar technology that stores information (or accesses stored information ) on the devices of website visitors, and where appropriate, obtain their prior consent in accordance with GDPR standards.

Though MARFEEL might provide support or guidance concerning the configuration and implementation of mechanisms to inform and obtain the consent of website visitors in relation to said cookies, adhering to these obligations remains the CLIENT’s responsibility. Any proposal made by MARFEEL in relation to the information and consent of website visitors should be considered merely as recommendations based on standard practices, and not aslegal or any other form of advice on the subject. MARFEEL cannot be held accountable for the decisions made by the CLIENT based on information provided by MARFEEL; such decisions are made at the CLIENT’s own risk.

D. Address requests related to the exercise of data subject rights, such as access, rectification, deletion and opposition, restriction or limitation of processing, data portability and the right not to be subjected to automated individual decisions, in collaboration with the Processor.

E. Conduct, if appropriate, an assessment of the impact that the processing operations carried out by the Processor have on personal data protection.

F. Ensure the Processor’s compliance with applicable data protection regulations both prior to and during the processing.

G. Supervise the processing, including the conduction of inspections and audits.

H. Notify the Processor of any changes in the provided personal data, to ensure that it is updated.

Processor obligations

A. The Processor shall only utilize the personal data as directed by the Controllerand will only process the personal data based solely on documented instructions from the Controller.

Should the Data Processor believe that adhering to an instruction from the Controller could result in a breach of data protection regulations, the Processor will immediately notify the Controller. In this notice, the Processor will request the Controller to amend, retract or confirm the given instruction, and may suspend its execution until the Controller provides a directive.

B. All personal data processed on the Controller’s behalf shall remain property of the Controller and/or the relevant Data subjects. The Processor shall not unilaterally decide on the processing of personal data for other purposes, including decisions about sharing it with third parties or the duration of the data storage.

C. The Processor will endeavor to take adequate technical and organizational measures against loss or any form of unlawful processing (such as unauthorized disclosure, deterioration, alteration or disclosure of personal data) in relation to the processing of personal data under this DPA.

Data collected on behalf of the Controller for the provision of the services described in the GTOS, will be pseudonymized. Each Data Subject will be assigned a randomly generated identification code and/or any other type of pseudonymization technique in order to minimize data that could directly or indirectly identify them (e.g. anonymizing the last octet of the IP address).

D. The Processor shall ensure compliance with applicable laws and regulations, including those governing the protection of personal data, such as the GDPR.

E. In the event of a security leak and/or data leak, as defined in article 34a of the GDPR, the Processor will, to the best of its ability, promptly notify the Controller. The Controller will then determine whether to inform the Data subjects and/or the relevant regulatory authority(ies). This reporting obligation is mandatory regardless of the impact of the leak. The Processor will endeavor to ensure that the furnished information is complete, correct, and accurate. The reporting will include:

· the (suspected) cause of the leak;
· the (presently known and/or expected) consequences;
· the (proposed) solution;
· the measures already implemented.

The Processor will support the Controller in meeting the obligation to report personal data breaches as stipulated by the GDPR (specifically, articles 33 and 34 of the GDPR) and any other applicable regulation, present or future, that modifies or complements these obligations.

F. Maintain a written record of processing activities conducted on behalf of the person in charge.

G. The processor shall not share, , disclose or transfer the personal data in its custody to third parties, not even for storage purposes, without the express authorization of the Controller. The Processor may communicate the data to other data processors.

H. Guarantee that employees authorized to process personal data receive adequate training in data protection. The Processor will also ensure that employees or other individuals authorized to process the personal data under this Agreement are either committed to confidentiality or are bound by an appropriate statutory confidentiality obligation.

I. Assist the Controller in:

a) Performing audits or inspections, conducted either by the Controller or by another auditor authorized by the Controller. The audits may be carried out periodically, either in a planned manner or “ad hoc” way, at the most, they can be conducted once a year, unless specific circumstances justify exceeding this frequency. Audits should be scheduled after giving the Processor a 20 calendar day notice and should take place during the Processor’s regular working hours.

b) Conducting impact assessments on the protection of personal data related to the operations carried out by the Data Processor and, if necessary, facilitating prior consultations with the supervisory authority.

J. Upon the conclusion of the provision of SERVICE(S) related to processing, either delete or return all the personal data to the Controller and erase existing copies, unless Union or Member State law mandates the storage of the personal data. The Processor may retain a copy with the data duly blocked, should any responsibilities arise from the execution of the SERVICE(S). The Processor should also take reasonable measures to periodically review retained data, and delete or anonymize it for statistical purposes when it is no longer needed.

K. Upon request, provide the Controller with all necessary information to demonstrate compliance with the obligations set out in this DPA.

Limitation of Liability:

The Processor is solely responsible for processing the personal data in accordance with the Controller’s instructions and under the Controller’s (ultimate) responsibility. The Processor is expressly not liable for other personal data processing activities, which includes but is not limited to, processing for purposes not reported by the Controller to the Processor, and data processing by third parties and / or for other purposes.

The Controller guarantees and warrants that it has express consent and/or a legal basis to process the relevant personal data. Furthermore, the Controller represents and warrants that the contents are not unlawful and do not infringe the rights of any third party. In this context, the Controller will defend, indemnify, and hold the Processor harmless from all third-party claims and actions related to the unauthorized processing of personal data and/or any breach of this DPA by the Controller. For further information, refer to Opinion 2/2010 on behavioral advertising by the Article 29 Working Group.

Engaging subcontractors:

Through this agreement, the CLIENT grants a general authorization to the Data Processor to engage other third parties as sub-processors for data processing within the scope of the SERVICE(S).

Should the Data Processor intend to replace existing sub-processors or engage additional sub-processors, it must notify the CLIENT beforehand and in writing, providing a minimum notice period of 15 natural days. This notification should specify the data processing activities intended to be subcontracted and clearly identify the subcontractor together with its contact details.

The sub-contracting may proceed if the CLIENT does not express any objection within the given period.

In there is an objection, and MARFEEL considers that providing the SERVICE(S) without the proposed change becomes burdensome, the following steps will be taken:

Firstly, both PARTIES will collaborate to reach an agreeable solution within a 30-day period. This solution might involve considering the engagement of a new service provider, if technically feasible, and/ or billing the CLIENT any additional costs associated with maintaining the current service provider or engaging a new one.

If no mutually agreeable solution is reached, either PARTY may terminate this agreement without any compensation.

Any reimbursement, when applicable, will be subject to the terms outlined in section 3.5 of the GTOS.

In any event, the Data Processor shall ensure that such third parties are obligated to accept the same obligations in writing, as agreed between the Data Controller and the Data Processor.

Currently, MARFEEL has contracts with the following data hosting service providers:

SCALEWAY, SAS located in France which guarantees a high level of security and availability of the information systems and that provides data hosting services.
HETZNER ONLINE GMBH located in Germany which guarantees a high level of security and availability of the information systems and that provides data hosting services.
OVH HISPANO S.L., located in Spain which guarantees a high level of security and availability of the information systems and that provides data hosting services.

International Transfer:

The Processor may process the personal data in countries outside the European Union or the European economic area, only with subcontractors that guarantee an adequate level of protection. It must also adhere to the other obligations set forth in this Data Processing Clause and the GDPR, and obtain written authorization from the Controller.

If the Controller is an entity located outside the European Economic Area (EEA), all flows of personal data from the Processor (Exporter) to the Controller (Importer) obtained or derived from the provision of the SERVICE(S) stated in the GTOS, must comply with the conditions stipulated in Chapter V of GDPR. Consequently, to meet these criteria, the CLIENT and MARFEEL under Article 46(2)(c) of Regulation (EU) 2016/679, declare and acknowledge that by signing this GTOS, the Standard Contractual Clauses Module IV, as adopted by the European Commission on July 4, 2021 in resolution C (2021) 3701, contained in the following link, will be an integral part of this DPA: https://community.marfeel.com/t/module-4-scc/11412