Terms of Service
Effective from 24 May 2018
1.1. These Terms specify the agreement between You and Optimal regarding the Services. They set out our obligations as a service provider and Your obligations as a customer. Please read them carefully.
1.2. These Terms apply from the time that Optimal provides You with access to any Service. By using the Services You acknowledge that You have read and understood and agree to be bound by these Terms.
1.3. If You are using the Services on behalf of a business, You represent to us that You have authority to bind that business or entity to these Terms and that business accepts these Terms.
1.4. The Services are provided for the length of term chosen by You in the Registration Application, subject to Optimal’s right to suspend the Services or terminate this Agreement in accordance with clause 22.
2. Access to the Services
- 2.1. Optimal grants You the right to access and use the Services You have purchased via the Website and according to Your subscription type. This right is non-exclusive, non-transferable, and limited by and subject to this Agreement.
3. Changes to the Services
- 3.1. Provided that the Services continue to comply with the description set out in the Online Documentation, Optimal may at any time modify the Services, the Optimal Materials and Technology and/or the manner in which the Services are delivered. We will notify You if We make a significant change to the Services.
4. Restrictions on use
4.1. You must only use the Service and Website for Your own lawful internal business purposes, in accordance with this Agreement and any notice sent by Optimal or condition posted on the Website.
4.2. You must not operate or use the Services if You are under the age of 16.
4.3. As a condition of access, when accessing and using the Services, You must:
- 4.3.1. not collect or attempt to collect any information or communication about any other users of the Service including by monitoring or by intercepting any process or communication initiated by the Service;
- 4.3.2. not attempt to undermine the security or integrity of Optimal's computing systems or networks or, where the Services are hosted by a third party, that third party's computing systems and networks;
- 4.3.3. not attempt to gain unauthorized access to any materials other than those to which You have been given express permission to access or to the computer system on which the Services are hosted;
- 4.3.4. not transmit, or input into the Services or the Website, any files that may damage any other person's computing devices or software (including by introducing any malicious software or code);
- 4.3.5. not input into the Services or the Website any content that may be offensive, or material or data in violation of any law (including data or other material protected by copyright or trade secrets which You do not have the right to use);
- 4.3.6. not attempt to modify, copy, adapt, reproduce, disassemble, decompile or reverse engineer any computer programs used to deliver the Services or to operate the Website; and
- 4.3.7. not grant or assign rights in the Services or the Website in any way (except that You may distribute or sell the information created by Your use of the Service).
5. Fees and payment
5.1. You must pay the Service Fee in advance. The applicable Service Fee for the Services is specified in the Registration Application.
5.2. If You have selected to receive the Services for a fixed term, renewal of that term will incur a further Service Fee. The list of Service Fees is available at www.optimalworkshop.com.
5.3. We may change the Service Fees at any time. If You have selected to receive the Services for a term, any changes will commence at the beginning of any further or renewal term.
5.4. Where You are a New Zealand resident all pricing and fees are inclusive of New Zealand Goods and Services Tax of 15%.
5.5. All prepaid survey credits expire 24 months after purchase unless utilised.
5.6. Where You have mistakenly overpaid Optimal including as a result of any defect or error in any banking transaction initiated as part of the Optimal product download or Service Fees payment process, Optimal will refund You within 14 days when You contact us by emailing email@example.com.
5.7. No other refund will be provided, including refunds for failure to terminate Your subscription prior to renewal or for selection of an incorrect product.
6. Your Account information
6.1. You agree to provide us with accurate and complete registration and account information and to maintain and promptly update that information in the event of any changes to ensure it is current at all times.
6.2. You agree to keep Your login details confidential and secure and will not share them with others.
6.3. You are solely responsible for all activity in connection with access to the Services and/or Website through your account or using your login.
6.4. If You know or suspect that Your login information has or is likely to become used in an unauthorized way You must immediately change Your password. If You are unable to change Your password, You must immediately notify Optimal by email at firstname.lastname@example.org. We may request that you change your password(s) in connection with the Services at any time, and you will promptly comply with any such request and all reasonable directions We issue in relation to the Services.
- 7.1. If You have queries that are not addressed in the Online Documentation You may email them to Optimal at email@example.com. Optimal will not charge You additional fees for support provided in response to such queries. We will endeavour to respond to Your queries but nothing in this clause commits Optimal to a course of action or priority or to a timeframe for any response it may make to support queries.
8. Participant recruitment
If You purchase a pre-paid recruitment package:
8.1. We will provide survey participants within 7 days of the request;
8.2. where We have provided survey participants if You are not satisfied with the participants You must advise us within 5 days. We will provide alternative participants within 7 days;
8.3. no refunds are available;
8.4. You must not request uniquely identifying information, for example, name and email address, from participants; and
8.5. the package expires 24 months after purchase.
9.1. Each party warrants:
- 9.1.1. it has full power, capacity and authority to execute, deliver and perform its obligations under this Agreement; and
- 9.1.2. once executed, this Agreement constitutes legal, valid and binding obligations and is enforceable in accordance with its terms.
9.2. Optimal warrants that the Service will perform substantially in accordance with the Online Documentation.
10. Warranty limitations
10.1. Other than the warranties in clause 9, Optimal makes no other warranty, representation or undertaking whatsoever in respect of the Services, including that Optimal does not warrant that the Services or any data will meet Your requirements or that they will be suitable for any particular purpose, will be compatible with any application, program or software not specifically identified as compatible or will be secure, uninterrupted or error-free.
10.2. To avoid doubt, all implied conditions or warranties are excluded in so far as is permitted by law, including warranties of merchantability, fitness for purpose, title and non-infringement.
10.3. You are acquiring the Services for the purposes of a business and the Consumer Guarantees Act 1993 does not apply to this Agreement.
10.4. The warranty in clause 9. 2 will not apply where the Service is provided at no charge or to the extent any non-conformance is caused by:
- 10.4.1. use of the Service contrary to Optimal’s instructions;
- 10.4.2. You, or by any product or service not provided by Optimal; or
- 10.4.3. the transfer of data over third party communication networks or facilities, including the Internet, and You acknowledge that the Services may be subject to limitations, delays and other problems inherent in the use of such networks or facilities.
11. Warranty remedy
11.1. To make a claim under the warranty in clause 9. 2, You must send an email to firstname.lastname@example.org indicating clearly in what way the Service fails to perform in accordance with the warranty.
11.2. Where Optimal has breached the warranty in clause 9. 2, the entire and exclusive liability of Optimal, and Your remedy is limited (at Optimal's option), to the re-supply of the relevant Service, or the refund of the Service Fee You paid for the current term of supply of the Service.
12. Limitation of Liability
12.1. To the greatest extent possible in accordance with applicable laws, We specifically disclaim any liability (whether based in contract, tort, strict liability or otherwise) for any direct, indirect, incidental or consequential damages arising out of or in any way connected with the access to or use of the Services or the Website.
12.2. In all cases where our liability is not excluded:
- 12.2.1. our liability is limited to the total amount We have received from You for the Service that the liability directly relates to; and
- 12.2.2. We will not be liable for any indirect, incidental, special or consequential damages, (including loss of profit, business, revenue, goodwill, anticipated savings, information or data).
12.3. Your only right with respect to dissatisfaction or problems with the Service, other than as provided for in clause 11, is to cease to access and to use the Service.
- 13.1. You indemnify Optimal against all claims, costs, damage and loss arising from Your breach of any of these Terms or any obligation You may have to Optimal, including any third party claims and any costs relating to the recovery of any fees that are due but have not been paid.
- 14.1. You consent to Optimal’s Privacy Notice (available here: privacy notice) which explains how We process any personal information We collect.
15.1. Each party's obligations under this clause will survive termination of these Terms. Unless the relevant party has the prior written consent of the other or unless required to do so by law:
- 15.1.1. Each party will preserve the confidentiality of all Confidential Information of the other obtained in connection with these Terms. Neither party will, without the prior written consent of the other, disclose or make any Confidential Information available to any person, or use the same for its own benefit, other than as contemplated by these Terms.
- 15.1.2. Clause 15.1.1 will not apply to any information which:
- 22.214.171.124. is or becomes public knowledge other than by a breach of this clause;
- 126.96.36.199. is received from a third party who lawfully acquired it and who is under no obligation restricting its disclosure;
- 188.8.131.52. is in the possession of the receiving party without restriction in relation to disclosure before the date of receipt from the disclosing party; or
- 184.108.40.206. is independently developed without access to the Confidential Information.
16. Intellectual Property
16.1. You acknowledge and agree that Optimal or its licensor is and remains the owner of, and retains all Intellectual Property Rights in the Optimal Materials and Technology, the Services, the Website and any derivative works of them. Except for the right to access the Services and the Website provided for in this Agreement, You do not obtain any rights in the Optimal Materials and Technology or the Services.
16.2. Each party consents to the other party’s use of its brand for the purpose of promoting the use of the Optimal services by other potential customers. There is no charge associated with such use and use must be in accordance with any brand use guidelines notified by the owning party from time to time.
17. Third party components
- 17.1. Where the Optimal Materials and Technology incorporate products provided by third parties that require You to comply with end user licensing terms or copyright statements, the applicable licensing terms and copyright statements are referenced on the Website. You agree with and will comply with such third party license terms.
18.1. As between You and Optimal:
- 18.1.1. Optimal owns the rights, title, interest and intellectual property rights in the Optimal Data. Optimal grants You the right, for the term of this Agreement, to access and use any Optimal Data that We supply to You in relation to the Services; and
- 18.1.2. You own the rights, title, and interest and intellectual property rights in the Customer Data. You grant Optimal the right to access and use the Customer Data in relation to the Services, to provide support and (in an anonymised form) for the purposes of analysing its business and technical performance and developing the Services and new products and services.
18.2. Where You incorporate or enter data into the Services You must ensure, in relation to such data, that:
- 18.2.1. You collect and maintain any personal information in the data in compliance with privacy laws;
- 18.2.2. You obtain any necessary third party permissions or consents (including from participants);
- 18.2.3. You comply with any applicable third party license terms; and
- 18.2.4. the data does not incorporate any unlawful, illegal, fraudulent or harmful data.
18.3. Subject to clause 18. 5, You may export or delete the Customer Data including Your surveys and related participant responses at any time. If You delete a survey, all of the information will be held for 1 year then permanently deleted within 40 days.
18.4. Where You have an account that allows team members to generate and access surveys in relation to that account, you are responsible for any action by such team members including all data that team members incorporate or enter into the Services.
18.5. On cancellation of Your account or termination of Services in accordance with clause 21 or termination of this Agreement or Your access to the Data in accordance with clause 22, Your Customer Data will be held for 1 year then permanently deleted within 40 days unless applicable law requires retention. Retained data is subject to the confidentiality provisions of the Agreement.
19. Data Processing Agreement
- 19.1. The Data Processing Agreement set out in Annex A applies to the extent that Optimal is processing Personal Data subject to EU Data Protection Law in the course of the performance of the Services.
20. Security and privacy
20.1. We will endeavour to provide a secure environment to protect the integrity and security of the Service and of Your information and to prevent data loss. However, except where We are liable under the Applicable Data Protection Law, We provide no guarantee or warranty in relation to data loss or data breaches. You are responsible for backing up the Customer Data.
20.2. We will inform You without due delay and within any requirements of the Applicable Data Protection Law if We become aware of a security incident or privacy breach involving the Customer Data and will provide reasonable information and cooperation to You to allow You to fulfil any data breach reporting obligations You may have under Applicable Data Protection Law.
20.3. In the event of a security incident or privacy breach, We will take reasonable and necessary measures and actions to mitigate the incident or breach and/or impact of its effects and We will notify You of any subsequent changes to the Website or Services.
21.1. You can cancel Your account and/or terminate the Services at any time by email sent to email@example.com.
21.2. If You selected to receive the Services for a fixed term and You cancel Your account or terminate the Services before the end of that fixed term, Optimal will not provide any refund for any remaining prepaid period for the fixed term.
21.3. If You have a free trial account and the Services have not been utilised within the previous 12 months then Optimal may, on notice to You, cancel Your access to the Services.
22. Suspension and termination
- 22.1.1. You breach any of these Terms and the breach is not capable of being remedied;
- 22.1.2. You breach any of these Terms where the breach is capable of being remedied but You do not remedy the breach within 14 days after receiving notice of the breach;
- 22.1.3. You or Your business become insolvent, go into liquidation, have a receiver or manager appointed, make any arrangement with Your creditors, or become subject to any similar insolvency event in any jurisdiction;
- 22.1.4. Optimal has not received payment of an invoice issued to You within 30 days after the due date, and You have failed to remedy the non-payment within 14 days of receiving notice of the non-payment; and/or
- 22.1.5. Your continued use of the Service may result in material harm to Optimal services or any of its users, then Optimal may, at its sole discretion:
- 22.1.6. terminate this Agreement and/or Your use of the Services and the Website; or
- 22.1.7. suspend for any definite or indefinite period of time, Your access to and use of the Services and the Website.
22.2. Where We take any action under this clause 22, We will promptly notify You.
23. Consequences of termination
23.1. Termination of these Terms is without prejudice to any rights and obligations of the parties accrued up to and including the date of termination. On termination of this Agreement You will:
23.2. remain liable for any accrued charges and amounts which become due for payment before or after termination; and
23.3. immediately cease to use the Services and the Website.
23.4. Clauses 5, 9, 10, 11, 12, 13, 15, 16, 19, and 27 survive the expiry or termination of these Terms.
24. Service and Maintenance
- 24.1. From time to time, and for the purpose of Optimal or its service supplier contractors performing routine maintenance, applying software updates and security patches and updates, the Services may be unavailable to You. We will endeavour to notify You of substantial outages in advance.
- 25.1. We may amend these Terms at any time with reasonable prior notice, by posting the revised version on the Website, by notifying you in accordance with clause 26 or by communicating it to You through the Services). Revised terms will be effective from the time they are posted, but will not apply retroactively. Your continued use of the Services after the posting of revised terms constitutes Your acceptance of such revised terms.
- 26.1. Optimal will deliver all notices under this Agreement by email sent to the email address used by You to register for the Services. You will deliver any notice by email sent to firstname.lastname@example.org.
27.1. Entire agreement: These Terms, together with the Optimal Privacy Notice, the Data Processing Agreement where applicable, and the terms of any other notices or instructions We give to You under these Terms constitute the entire agreement between You and Optimal and govern your use of the Services and Website, except for, and then only to the extent that you have entered into an Optimal Service Agreement. These Terms supersede any prior agreements or earlier versions of these Terms between You and Optimal for the use of the Services and Website as of the effective date indicated at the beginning of these Terms.
27.2. Delays : Neither party will be liable for any delay or failure in performance of its obligations under these Terms if the delay or failure is due to any cause outside its reasonable control. This clause does not apply to any obligation to pay money.
27.3. No Assignment : You may not assign or transfer any rights to any other person without Optimal's prior written consent.
27.4. Waiver : The failure by any party to enforce any provisions of this agreement at any time shall not operate as a waiver of that provision in respect of the particular act or omission or any other act or omission.
27.5. Governing law : This Agreement is governed by the laws of New Zealand, and each party irrevocably submits to the non-exclusive jurisdiction of the New Zealand courts.
27.6. Jurisdictional Matters : If You are residing in a jurisdiction which restricts the use of internet-based applications according to age, or which restricts the ability to enter into agreements such as this Agreement according to age and You are under such a jurisdiction and under such age limit, You may not enter into this Agreement and access or use the Service. If You are residing in a jurisdiction where it is forbidden by law to offer or use software for internet communication, You may not enter into this Agreement and You may not download, access or use the Service. By entering into this Agreement, You represent that You have verified in Your own jurisdiction that Your use of the Service is allowed.
28. Interpretation and definitions
28.1. Interpretation: In these Terms, unless the context otherwise requires:
- 28.1.1. the singular includes the plural and vice versa;
- 28.1.2. a reference to materials means a reference to materials of any kind whether in the form of documentation, software or otherwise;
- 28.1.3. a reference to either party includes reference to its successors and permitted assigns (and where the context so permits) its personnel and representatives;
- 28.1.4. any agreement not to do a thing also constitutes an agreement not to suffer or permit or cause that thing to be done;
- 28.1.5. the words “includes” and “including” are to be read as being followed by the words “without limitation”; and
- 28.1.6. a reference to any documentation and the Website includes as varied or substituted.
28.2. Defined terms:
- Agreement is the agreement contained in these Terms and includes any revisions to these Terms.
- Applicable Data Protection Law means all applicable data protection and privacy laws including, where applicable EU data protection law.
- Confidential Information means this Agreement, the Service Fees, the Optimal Materials and Technology and any other Optimal commercially sensitive materials and proprietary methodologies, the Customer Data, any personal information and material marked “Confidential” or with a similar marking, or which, by its nature, is apparent as confidential.
- Customer Data means any data inputted by You or with Your authority into the Website or the Services, including pre-paid recruitment data you purchase from us.
- Intellectual Property Right means any patent, trade mark, service mark, copyright, moral right, right in a design, know-how and any other intellectual or industrial property rights, anywhere in the world whether or not registered.
- Online Documentation means the documentation relating to the operation of the Service, as amended from time to time, which appears at www.optimalworkshop.com.
- Optimal, We and Us means Optimal Workshop Limited (New Zealand Registered Company number 1973791) and includes its successors and assigns, related companies, officers, directors, employees and agents.
- Optimal Data means all data collected by Us or inputted by Us into a Service or supplied by Us to You that is not Customer Data.
- Optimal Service Agreement means a separate written agreement entered into between You and Optimal for the supply and use of the Services and the Website.
- Optimal Materials and Technology means the materials and technology used by Optimal in relation to the Services including design and architecture, methodologies and tools, software and products and the Online Documentation.
- Registration Application means Your account sign-up and subscription purchase.
- Services means the user research services supplied by Optimal to You (as may be changed or updated from time to time by Optimal).
- Terms means these Terms of Service.
- Website means the Optimal Workshop website at optimalworkshop.com.
- You means you as the customer of the Services and Your has a corresponding meaning.
Annex A: Data Processing Agreement
Effective from 24th May 2018.
Data Processing Agreement
1.1. Application: This Data Processing Agreement applies to the extent that Personal Data which is subject to EU Data Protection Law is Processed in the course of the performance of the Services. The Parties acknowledge and agree that with regard to such Processing of Personal Data, the customer is the Data Controller and Optimal is a Data Processor.
1.2. Effective date: This Data Processing Agreement is effective from the date it is signed by both Parties.
1.3. Authority: If the customer is using the Services on behalf of a business, the customer represents to Optimal that it has authority to bind that business or entity to this Data Processing Agreement and that the business accepts this Data Processing Agreement.
1.4. Personal Data: An overview of the categories of Personal Data, the types of Data Subjects, and purposes for which the Personal Data are being processed is provided in Annex 1.
2. Data Processing
2.1. Data Controller’s authority : The Data Controller will, in determining the Services purchased and the Personal Data used in relation to those Services, determine the scope, purposes, and manner by which the Personal Data may be accessed or processed by the Data Processor.
2.2. Restrictions on processing : The Data Processor will only process the Personal Data:
- 2.2.1. on documented instructions of the Data Controller. This Data Processing Agreement constitutes the initial instructions and each use of the Services then constitutes further instructions. The Data Processor will use reasonable efforts to follow any later Data Controller instructions, as long as they are required by Data Protection Law, technically feasible and do not require changes to the Services. If the Data Processor otherwise cannot comply with an instruction or is of the opinion that an instruction infringes the GDPR or Applicable Data Protection Law, the Data Processor will immediately notify the Data Controller; or
- 2.2.2. to comply with a legal obligation to which the Data Processor is subject. In such a case, the Data Processor shall inform the Data Controller of that legal obligation before processing, unless that law explicitly prohibits the furnishing of such information to the Data Controller.
2.3. Customer Agreement and discretion : The Parties have entered into a Customer Agreement in order to benefit from the expertise of the Data Processor in securing and processing the Personal Data for the purposes of the supply of the Services. The Data Processor may exercise its own discretion in the selection and use of such means as it considers necessary to pursue those purposes, subject to the requirements of this Data Processing Agreement.
2.4. Data Controller warranty : The Data Controller warrants that it has all necessary rights to provide the Personal Data to the Data Processor for the Processing to be performed in relation to the Services. To the extent required by the Applicable Data Protection Law, the Data Controller is responsible for ensuring that any necessary data subject consents to this Processing are obtained, and for ensuring that a record of such consents is maintained. If such consent is revoked by the data subject, the Data Controller is responsible for removing the relevant Personal Data from the Services.
3.1. Personal Data confidential: The Data Processor shall:
- 3.1.1. treat all Personal Data as strictly confidential;
- 3.1.2. inform all its employees, agents and/or Sub-processors engaged in processing the Personal Data of the confidential nature of the Personal Data; and
- 3.1.3. ensure that all such persons or parties have signed an appropriate confidentiality agreement, are otherwise bound to a duty of confidentiality, or are under an appropriate statutory obligation of confidentiality.
4.1. Technical and organisational measures: The Data Processor shall implement and maintain the Technical and Organisational Measures. The Data Controller agrees that it has reviewed the Technical and Organisational Measures. Each party acknowledges that it considers the Technical and Organisational Measures to be appropriate, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing, taking account all the risks that are presented by processing, in particular from a Personal Data Breach.
4.2. Types of Personal Data : The Data Controller acknowledges that the Data Processor does not review the types of Personal Data collected in relation to the Services. If the Data Controller submits Personal Data to the Services that is not specified in Annex 1, the Data Controller agrees that it is responsible if the Technical and Organisational Measures do not meet the GDPR standard of appropriateness.
4.3. Changes to measures : The Data Processor may change the Technical and Organisational Measures at any time without notice so long as it maintains a comparable or better level of security. The Parties will negotiate in good faith the cost, if any, to implement changes required by specific updated security requirements in Applicable Data Protection Law or by data protection authorities of competent jurisdiction.
4.4. Login details : The Data Controller shall keep its login details confidential and secure and will not share them with others. If the Data Controller knows or suspects that its login information has or is likely to become used in an unauthorized way it shall immediately change its password or notify the Data Processor if it cannot change its password.
4.5. Directions : The Data Controller shall promptly comply with all reasonable directions issued by the Data Processor in relation to security or the Services.
5. Demonstration and audit
5.1. Demonstration: At the request of the Data Controller, the Data Processor shall make available to the controller all information necessary to demonstrate compliance with the obligations laid down in Article 28 of the GDPR.
5.2. Audit: The Data Controller shall be entitled on giving at least 14 days’ notice to the Data Processor to carry out, or have carried out by a third party who has entered into a confidentiality agreement with the Data Processor, audits of the Data Processor ́s premises and operations as these relate to the Personal Data. The Data Processor shall cooperate with such audits carried out by or on behalf of the Data Controller and shall grant the Data Controller ́s auditors reasonable access to any premises and devices involved with the Processing of the Personal Data. The Data Processor shall provide the Data Controller and/or the Data Controller ́s auditors with access to any information relating to the Processing of the Personal Data as may be reasonably required by the Data Controller to ascertain the Data Processor ́s compliance with this Data Processing Agreement.
6. Personal Data Breach
6.1. Notifications: The Data Processor shall notify the Data Controller without undue delay upon becoming aware of a Personal Data Breach affecting Personal Data, providing Data Controller with sufficient information to allow the Data Controller to meet any obligations to report or inform Data Subjects of the Personal Data Breach under the Applicable Data Protection Laws. Such shall contain:
- 6.1.1. a description of the nature of the incident, including where possible the categories and approximate number of data subjects concerned and the categories and approximate number of Personal Data records concerned;
- 6.1.2. the name and contact details of the Data Processor’s data protection officer or another contact point where more information can be obtained;
- 6.1.3. a description of the likely consequences of the incident; and
- 6.1.4. a description of the measures taken or proposed to be taken by the Data Processor to address the incident including, where appropriate, measures to mitigate its possible adverse effects.
6.2. Co-operation: The Data Processor shall co-operate with the Data Controller and take such reasonable commercial steps as are directed by Data Controller to assist in the investigation, mitigation and remediation of each such Personal Data Breach.
7. Contracting with Sub-Processors
7.1. Authorisation: The Data Processor lists the Sub-processors on its Website, including the name, address and role of each Sub-processor. The Data Controller authorises the engagement of such Sub-processors.
7.2. Changes: Where the Data Processor removes, adds or replaces a Sub-processor, it will update the list on the Website, thereby giving the Data Controller the opportunity to object to such changes. If the Data Controller objects to such changes to the sub-processors, its sole remedy is to cancel or terminate its account or the Services.
7.3. Liability: Notwithstanding authorisation by the Data Controller in accordance with this clause 7, the Data Processor shall remain fully liable vis-à-vis the Data Controller for the performance of any such subprocessor that fails to fulfil its data protection obligations.
7.4. Sub-processor obligations : The Data Processor shall ensure that where it engages a Sub-processor for carrying out specific processing activities on behalf of the Data Controller, it will impose the data protection obligations as set out in this Data Protection Agreement as referred to in paragraph 3 of Article 28 of the GDPR on that Sub-processor, in particular providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of the GDPR.
7.5. Transfer: The Data Processor may transfer information to multiple countries as part of providing Services. If information originates from the European Economic Area (“EEA”) the Data Processor will not transfer the information outside of the EEA unless it has taken such measures as are necessary to ensure the transfer is compliance with the EU Data Protection Law.
7.6. Requests from data subjects: The Data Processor shall promptly notify Data Controller if any Sub-processor receives a request from a Data Subject under any Data Protection Law in respect of Personal Data and ensure that the Sub-processor does not respond to that request except on the documented instructions of Data Controller or as required by Applicable Data Protection Laws to which the Sub-processor is subject, in which case Data Processor shall to the extent permitted by Applicable Laws inform Data Controller of that legal requirement before the Sub-processor responds to the request.
8. Data Transfers
8.1. Transfers : The Data Processor shall be entitled to process Personal Data, including by using Subprocessors, outside the country in which the Data Controller is located as permitted under Data Protection Law. Where the Data Processor transfers Personal Data to a country outside of the European Economic Area without an adequate level of protection, it lists such transfers on its Website. The Data Controller authorises such transfers. If the Data Controller objects to such transfers, its sole remedy is to cancel or terminate its account or the Services.
8.2. Statutory mechanism: To the extent that the Data Controller or the Data Processor are relying on a specific statutory mechanism to normalize international data transfers that are subsequently modified, revoked, or held in a court of competent jurisdiction to be invalid, the Data Controller and the Data Processor agrees to cooperate in good faith to promptly terminate the transfer or to pursue a suitable alternate mechanism that can lawfully support the transfer.
9. Returning or Destruction of Personal Data
9.1. Deletion or destruction: The Data Processor shall at the choice of the Data Controller, delete or return all the Personal Data to the Data Controller after the end of the provision of the Services, and delete existing - copies subject to clause 9.3.
9.2. Return : The Data Controller agrees that return of Personal Data shall be undertaken by the Data Controller exporting the applicable Personal Data from the Services prior to any termination of the Services.
9.3. Retained data : The Data Processor may retain Personal Data to the extent and for such period as required by applicable laws (for example, applicable New Zealand tax laws). The Data Processor shall ensure the confidentiality of all such retained Personal Data.
9.4. Notification of third parties: The Data Processor shall notify all third parties supporting its own processing of the Personal Data of the termination of the Data Processing Agreement and shall ensure that all such third parties shall either destroy the Personal Data or return the Personal Data to the Data Controller, at the discretion of the Data Controller.
10. Assistance to Data Controller
10.1. Technical and organisational measures: The Data Processor shall assist the Data Controller by appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of the Data Controller’s obligation to respond to requests for exercising the data subject’s rights under EU Data Protection Law.
10.2. Assistance: The Data Processor shall assist the Data Controller in ensuring compliance with the obligations pursuant to Articles 32 to 36 of the GDPR taking into account the nature of processing and the information available to the Data Processor.
10.3. Impact assessments: The Data Processor shall provide reasonable assistance to the Data Controller for any data protection impact assessments, and prior consultations with Supervising Authorities or other competent data privacy authorities, which the Data Controller reasonably considers to be required by article 35 or 36 of the GDPR or equivalent provisions of any other data protection law, in each case solely in relation to Processing of Personal Data by the Data Processor, and taking into account the nature of the Processing and information available to the Data Processor. The Data Processor may charge for such assistance at its standard rates.
- 11.1. Each party is responsible for its compliance with its documentation requirements, in particular maintaining records of processing where required under Applicable Data Protection Law. Each party shall reasonably assist the other party in its documentation requirements, including providing the information that the other party reasonably requests (such as through use of the Services), in order to enable the other party to comply with any obligations relating to maintaining records of processing.
- 12.1. Data subjects: The Parties agree that any Data Subject who has suffered damage as a result of any breach of this DPA may be entitled to seek compensation either from the Data Controller or the Data Processor. If the one Party has paid damages that are partly or fully attributable to the other Party, the former is entitled to claim back the relevant part of the damages from the latter.
13. Duration and Termination
13.1. Confidentiality: Termination or expiration of this Data Processing Agreement shall not discharge the Data Processor from its confidentiality obligations pursuant to clause 3.
13.2. Effective date: The Data Processor shall process Personal Data until the earlier of:
- 13.2.1. the date of termination of the Customer Agreement;
- 13.2.2. any date that the Data Controller instructs that Processing cease; or
- 13.2.3. the return or destruction of all Personal Data in accordance with clause 9.
14.1. Changes due to Applicable Data Protection Law: Either Party may propose variations to this Data Processing Agreement if it reasonably considers it to be necessary to address the requirements of any Applicable Data Protection Law. If either Party gives such notice, the Parties shall promptly discuss the proposed variations and negotiate in good faith with a view to agreeing and implementing those or alternative variations designed to address the identified requirements as soon as is reasonably practicable.
14.2. Changes due to Controller instruction: Where an amendment to the Customer Agreement or this Data Protection Agreement is necessary in order to execute a Data Controller instruction to the Data Processor including to improve security measures:
- 14.2.1. the Parties shall promptly discuss the proposed instruction and negotiate in good faith as soon as is reasonably practicable with a view to agreeing and implementing instruction; and
- 14.2.2. if the Parties are not able to reach agreement, the Data Controller’s sole remedy is to sole remedy is to cancel or terminate its account or the Services.
- 15.1. Contact details: The Data Controller will deliver all notices under this Data Processing Agreement to the Data Processor’s addresses for notices specified in Annex 2. The Data Controller will deliver all notices under this Data Processing Agreement by email sent to the email address used by the Data Controller to register for the Services, or an alternate address if the Data Controller notifies one.
16.1. Conflict in terms: In the event of any conflict between this Data Processing Agreement and the Customer Agreement, this Data Processing Agreement will take precedence.
16.2. Governing law : This Data Processing Agreement is governed by the laws of New Zealand, and each party irrevocably submits to the non-exclusive jurisdiction of the New Zealand courts.
17. Interpretation and definitions
17.1. Interpretation: In these Terms, unless the context otherwise requires:
- 17.1.1. the singular includes the plural and vice versa;
- 17.1.2. a reference to materials means a reference to materials of any kind whether in the form of documentation, software or otherwise;
- 17.1.3. a reference to either party includes reference to its respective successors in title and permitted assigns (and where the context so permits) its personnel and representatives;
- 17.1.4. any agreement not to do a thing also constitutes an agreement not to suffer or permit or cause that thing to be done;
- 17.1.5. the words “includes” and “including” are to be read as being followed by the words “without limitation”; and
- 17.1.6. a reference to any documentation and the Website includes as varied or substituted.
17.2. Defined terms:
- 17.2.1. Terms such as Processing and Personal Data Breach have the meaning ascribed to them in the GDPR.
- 17.2.2. In addition:
- Applicable Data Protection Law means all applicable data protection and privacy laws including, where applicable, EU data protection law or New Zealand privacy law.
- Customer Agreement means the Terms of Service or, if the Parties have entered into a separate written agreement for the supply and use of the Services and the Website, that written agreement, each of which addresses the supply of Services to the customer.
- Data Controller has the meaning given to “Controller” in the GDPR.
- Data Processor has the meaning given to “Processor” in the GDPR.
- EU Data Protection Law means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
- GDPR means Directive 95/46/EC (General Data Protection Regulation) of EU Data Protection Law.
- Optimal means Optimal Workshop Limited (New Zealand Registered Company number 1973791) and includes its successors and assigns, related companies, officers, directors, employees and agents.
- Parties means the customer and Optimal.
- Personal Data means such personal data (as that term is defined in the GDPR) as is provided by the Data Controller to the Data Processor for the purposes of the Data Processor providing the Services.
- Services means the user research services supplied by Optimal under a Customer Agreement.
- Sub-processor means a processor engaged by Optimal for carrying out specific processing activities on the customer’s behalf.
- Technical and Organisational Measures means the technical and organisational measures outlined on the Website.
- Website means the Optimal Workshop website at optimalworkshop.com.
ANNEX 1: DETAILS OF PROCESSING OF COMPANY PERSONAL DATA
This Annex 1 includes certain details of the Processing of Personal Data as required by Article 28(3) GDPR.
Subject matter and duration of the Processing of Personal Data
The subject matter and duration of the Processing of the Personal Data are set out in the principal part of this Data Processing Agreement.
Categories of Data Subject to whom the Personal Data relates
Data Controller may submit Personal Data to the Optimal Workshop tools, the extent of which is determined and controlled by the Data Controller in its sole discretion, and which may include, but is not limited to Personal Data relating to the following categories of data subjects:
- Survey participants
- Data Controller’s Users as authorised by Data Controller to use the Services
Categories of data
Data Controller may submit Personal Data to the Optimal Workshop tools, the extent of which and the categories of which is determined and controlled by the Data Controller in its sole discretion.
Special categories of data/data regarding minors or criminal history (if appropriate)
Data Controller may submit special categories of data or data regarding minors or criminal history to the Services, the extent of which is determined and controlled by the Data Controller in its sole discretion. Such data includes, for the sake of clarity, Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, and the processing of data concerning health or sex life.
The objective of Processing of Personal Data by data importer is the performance of the Services pursuant to the Customer Agreement.
ANNEX 2: CONTACT DETAILS
Contact information of the Data Protection Officer of the Data Processor: email@example.com
Contact information for support requests: firstname.lastname@example.org