Within the meaning of the Data Protection Legislation, the Client Data maycontain Personal Data.Accordingly, the provision of the Services may require mimbi processing. Personal Data on behalf of the Client. In this respect, ongoing compliance with the conditions set out in the Data Protection Legislation is a priority for mimbi.
1. ROLE OF THE PARTIES AND PROCESSING PURPOSES
a) The Client is a Data Controller and mimbi is a Data Processor.
2. COLLECTION OF PERSONAL DATA
During the Platform account opening process, either for a Free Trial or for the provision of the Services, the Client is requested to provide to mimbi some personal information. The provision of the information submitted by theClient will enable mimbi to store information on the relevant Client Account,provide the Services and contact the Client regarding the Services, including the provision of any Support Services.
3. DETAILS OF PROCESSING ACTIVITIES
Categories of data subjects whose personal data is processed: TheClient and any Authorized User of the Platform.Category of Personal Data processed:
Client Account Data such as the user's company, name, surname, e-mail or postal address, telephone number. company, professional email.
Transaction data such as the Subscription Fees and credit cardnumbers.
Technical data such as IP address, browser type and version,operating system used.
Data relating to chat and telephone calls such comments, requests,questions and information sent/formulated to our customer service.
Connection data such as functions used, pages visited, configurationsselected. Mimbi may also collect Personal Data from third parties, for instances wherethe Client has authorized mimbi to access its social networks accounts viaSSO login.Categories of sensitive data processed: The parties do not anticipate thetransfer of sensitive data.Purpose(s) for which the personal data is processed on behalf of thecontroller: Provision by mimbi of the Services in accordance with the termsand conditions of the Agreement and the Client’s instructions.Duration of the Processing: Duration of the Agreement between mimbi and the Client, unless otherwise agreed in writing.
4. MIMBI’S OBLIGATIONS
5. CLIENT’S OBLIGATIONS
The Client shall comply with its obligations as a Data Controller pursuant to the Data Protection Legislation as well as the Agreement, and in particular it will:
a) Ensure that it has all necessary appropriate consents and notices in place to enable lawful transfer of the Personal Data to mimbi and/or lawful collection of the Personal Data by mimbi on behalf of the Client for the duration and purposes of the Agreement;
b) Ensure that data the level of security provided by mimbi for the Services adequately meets its obligations under applicable Data Protection Laws;
c) Document in writing any instructions relating to the Processing of Personal Data to be performed by mimbi pursuant to the provision of the Services;
d) Provide mimbi with the Personal Data required for the Processing, excluding any inaccurate, irrelevant, disproportionate or unnecessary Personal Data; and
e) Inform Data Subjects of the Processing and their rights in a form that is concise, transparent, intelligible and easily accessible.
6. DOCUMENTATION AND COMPLIANCE
At the Client’s reasonable request, as well as at the Client’s costs, mimbi willpermit and contribute to audits of the processing activities covered by theAgreement, once a year or earlier if the Client can demonstrate that there areserious indications of non-compliance.
7. ASSISTANCE TO THE CLIENT (CONTROLLER)
Mimbi will promptly notify the Client of any request it has received from a DataSubject. It will not respond to the request itself, unless authorized to do so bythe Client. When requested, mimbi will assist the Client, at the Client’s cost, inresponding to any request from a Data Subject and in ensuring compliance withits obligations under the Data Protection Legislation with respect to security,breach notifications, impact assessments and consultations with supervisoryauthorities or regulators.
8. NOTIFICATION OF PERSONAL DATA BREACH
Mimbi will, as soon as reasonably practicable, notify the Client in writing at theaddress provided by the Client in its Client Account, if it becomes aware of 1)the loss, unintended destruction or damage of part or all of the Personal Datacontained within the Client Data; or 2) any unlawful processing of the PersonalData contained within the Client Data; or 3) any Personal Data Breach relatedto the Client Data.Where mimbi becomes aware of either one of the above, it will, as soon asreasonably possible, provide the Client with any useful documentation thatwould allow the Client, if necessary, to inform the relevant data protectionauthority of the breach.Mimbi agrees that the Client will determine whether to provide notice of theaccidental, unauthorised or unlawful processing and/or the Personal DataBreach to any Data Subjects, the relevant Data Protection Authority, other in-scope regulators, law enforcement agencies or others, as required by law orregulation or in the Client’s discretion, including the contents and deliverymethod of the notice.
In the course of the Agreement, mimbi may engage Sub-Processors to ProcessPersonal Data on the client’s behalf, for the purpose of supporting the Platformfeatures and integrations, and providing the Client with the SubscriptionServices and/or the Support Services. Mimbi has currently appointed, as Sub-Processors, the third parties listed as“Connectors” here. These Sub-Processors willapply to the Client when subscribing to the Collect and Share SubscriptionServices.Throughout the Subscription Term, the Client may opt-in to receivingnotifications by email if mimbi adds or replaces any Sub-Processorsdirectly on its Client Account. In such event, mimbi will notify the Clientprior to any such change.
10. TERM & TERMINATION
THE CLIENT WILL BE RESPONSIBLE FOR RETRIEVING ITS CLIENT DATA PRIOR TO THE END OF ITS SUBSCRIPTION TERM BY FOLLOWING THE INSTRUCTIONS ON ITS CLIENT ACCOUNT.