Get a free, live brand consultation from our team to get started branding your business or securing your brand.
Connect with us after your consultation to propose a project or get answers to your project based questions.
Let's get started on your project! Our team will assist onboarding your project to make sure you are ready to develop.
TITLE | BILL INTERVAL | TOTAL |
---|---|---|
Standard Plugin – Classic Editor | ANNUAL | |
Google Simple Calendar + API Credentials & Setup | ANNUAL | |
NINJA FORMS | ANNUAL | |
JETPACK | ANNUAL | |
BETTER SEARCH & REPLACE | ANNUAL | |
YOAST BASIC | ANNUAL | |
YOAST DUPLICATE POST | ANNUAL | |
SIMPLE LOCAL GRAVATARS | ANNUAL | |
LOGINPRESS | ANNUAL |
|
|
The TroyColIVE – Brand Development Corp. Acceptable Use Policy (AUP) sets out the rules and guidelines for using our Services. You agree that you and your End users will use the Services in full compliance with the TroyColIVE – Brand Development Corp. Terms of Service (TOS) and the AUP.
By using any service provided by TroyColIVE – Brand Development Corp. you agree that:
Examples of unacceptable content, data, materials, websites on all TroyColIVE – Brand Development Corp. servers include but are not limited to:
IRC Bots, Proxy Scripts, Warez, image, filedump, mirror, or banner-ad services (similar to rapidshare, photobucket, or commercial banner ad rotation), topsites, commercial audio streaming, Escrow, High-Yield Interest Programs (HYIP) or related sites, Investment sites, sale of any controlled substances without providing proof of appropriate permit(s) in advance, AutoSurf sites, Bank Debentures, Bank Debenture Trading Programs, Prime Banks Programs,, muds / rpg’s, hate sites, hacking focused sites/archives/programs, or sites promoting illegal activities, IP Scanners, Brute Force Programs, Mail Bombers and Spam Scripts. Forum sites and or any other websites that distribute or link to warez content are strictly prohibited as well.
Any material that in our reasonable opinion is either obscene or threatening is strictly prohibited and will be removed from our servers.
By using our Services you also agree not to engage in or to instigate actions that cause harm to TroyColIVE – Brand Development Corp., other TroyColIVE – Brand Development Corp. customers or any third party. Such actions include, but are not limited to, actions resulting in blacklisting any TroyColIVE – Brand Development Corp. IPs by any online spam or IP reputation database, actions resulting in DOS attacks for any TroyColIVE – Brand Development Corp. server, etc.
You are solely responsible for ensuring that all programs and scripts installed or used on the Services are secure and the permissions of directories and files are set properly. We recommend that you set the permissions on all directories and files to be as restrictive as possible. You are solely responsible for any actions and activity while using the Services, including any compromise of login credentials.
You agree to keep all your login credentials secure at any time. We reserve the right to carry out audits to determine the security level of login credentials. In the event that we determine your login credentials have been compromised (e.g. were brute-forced, hijacked, stolen, etc.) and are being used or were used for uploading, maintaining, running unacceptable content, data materials or websites, we may suspend access to the compromised Service (including but not limited to Customer Account, hosting service, user accounts, website, FTP service, Email service). We will notify you if such actions are taken against your hosting account.
TroyColIVE – Brand Development Corp. shall not provide legal advice referring to compliance of content and materials uploaded on or transmitted through our Services. You shall be solely responsible for verifying whether your content and materials comply with any applicable law, including laws in jurisdictions where your content and/or materials are uploaded, hosted or accessed. TroyColIVE – Brand Development Corp. shall not bear any liability if your use of the Services violates any law or regulation.
If your use of the Services results in violation the AUP, we may take immediate corrective action without prior warning, including deletion of content or Service suspension. Repeated violations of the AUP will result in termination of the Agreement with no refund. TroyColIVE – Brand Development Corp. shall not be liable for any loss or damage arising from our measures taken against actions causing harm to TroyColIVE – Brand Development Corp., other TroyColIVE – Brand Development Corp. customers or any third party.
We reserve the right to terminate the Agreement for Services suspended for violation of the AUP or the TOS with no refund.
Any violation of our AUP should be reported to us at support@troycolive.com
This AUP is an integral part of the TroyColIVE – Brand Development Corp. Terms of Service (TOS). For all issues related to the use of the services not settled by the AUP, the provisions of the TOS shall apply.
The security of users’ data is always our top priority. If you have discovered security vulnerability anywhere in our services, we greatly appreciate your cooperation in disclosing it to us in a responsible manner, following the guidelines set out in this Policy.
We commit to acknowledge, validate, and fix vulnerabilities in the timeliest manner possible. We will not take legal action against or suspend access to our services for any party that has responsibly disclosed vulnerabilities discovered.
We would like to give proper credit to the people who help us improve our services and protect the TroyCoLIVE community. If you discover a valid significant vulnerability and report it in accordance with this Policy, we will add your name to our Honor Roll. If you wish to keep your disclosure confidential, just let us know and we would never reveal your identity. In case the same vulnerability is reported by several parties before it is fixed, the acknowledgment will go to the first one to report the issue.
Send us an e-mail at responsible-disclosure@TroyCoLIVE.com with the details of the vulnerability you have discovered. Please make sure to include the following:
We are very grateful to the community of users and security researchers who have helped us improve our services and make them more secure. The following individuals and organizations have discovered vulnerabilities and reported them to us in accordance with this Policy:
DMCA
Copyrights
Violation and DMCA
TroyCoLIVE fully complies
with the Digital Millennium Copyright Act (also known as DMCA) to protect the
rights of copyrights owners. If you think that a website hosted on any of our
servers contains materials that rightfully belong to you or an entity you represent,
you may contact us and invoke the protections provided by the DMCA act.
How to post a DMCA complaint?
The complaining party is
required to deliver to TroyCoLIVE the following information:
“I have a good faith
belief that the use of the material in the manner complained of is not
authorized by the copyright owner, its agent, or the law.”
“Under the penalty of
perjury I state that the information contained in my complaint is accurate and
I am authorized to act on behalf of the owner of the copyright I claim is
infringed.”
PLEASE BE ADVISED THAT IF YOU
KNOWINGLY MISREPRESENT THAT ONLINE MATERIAL IS INFRINGING, YOU MAY BE SUBJECT
TO HEAVY CIVIL PENALTIES AND CRIMINAL PENALTIES.
Please note that after we
receive your formal complaint, we are required to inform the Respondent of your
complaint. If our customer does not remove the infringing material, we will
disable access to that material.
The customer has the right to
submit a counter-notification in case they disagree with the claim. In such
case, the complaining party is provided with 10 days to file a lawsuit against
our customer and provide a proof of filing. If no such proof is submitted or a
restraining order is not granted, TroyCoLIVE will reinstate access to the
material.
How to serve a
counter-notification?
In case of a copyright
complaint is filed against a TroyCoLIVE customer, the customer may voluntarily
remove the material or may submit a counter-notification indicating that the
case will be resolved in court. The counter-notification must include all
of the following:
“I have a good faith
belief that the material was removed or disabled in error or misidentification
and I believe it is not infringing upon anyone’s copyrights. I understand that
I am declaring the above under penalty of perjury, meaning that if I am not
telling the truth I may be committing a crime.”
“I consent to be served
by the person, who gave notice to my Service Provider, or his agent. I consent
to the jurisdiction of Federal District Court for the judicial district in
which my address is located, or if my address is outside of the United States,
for any judicial district in which the Service Provider may be found.”
Whom to contact about DMCA
issues?
As required by the Digital
Millennium Copyright Act of 1998 (17 U.S.C. 512 (c)), all notifications of
copyright infringement regarding websites hosted by TroyCoLIVE should be sent
ONLY to its designated agent.
TroyCoLIVE Compliance Team
SG Hosting Inc.
901 N. Pitt St Suite 325, Alexandria, 22314 VA, USA
Phone: +1.800.828.9231
Email: compliance@TroyCoLIVE.com
ANY INQUIRIES OTHER THAN
THESE RELATED
Copyrights
Violation and DMCA
TroyCoLIVE fully complies
with the Digital Millennium Copyright Act (also known as DMCA) to protect the
rights of copyrights owners. If you think that a website hosted on any of our
servers contains materials that rightfully belong to you or an entity you represent,
you may contact us and invoke the protections provided by the DMCA act.
How to post a DMCA complaint?
The complaining party is
required to deliver to TroyCoLIVE the following information:
“I have a good faith
belief that the use of the material in the manner complained of is not
authorized by the copyright owner, its agent, or the law.”
“Under the penalty of
perjury I state that the information contained in my complaint is accurate and
I am authorized to act on behalf of the owner of the copyright I claim is
infringed.”
PLEASE BE ADVISED THAT IF YOU
KNOWINGLY MISREPRESENT THAT ONLINE MATERIAL IS INFRINGING, YOU MAY BE SUBJECT
TO HEAVY CIVIL PENALTIES AND CRIMINAL PENALTIES.
Please note that after we
receive your formal complaint, we are required to inform the Respondent of your
complaint. If our customer does not remove the infringing material, we will
disable access to that material.
The customer has the right to
submit a counter-notification in case they disagree with the claim. In such
case, the complaining party is provided with 10 days to file a lawsuit against
our customer and provide a proof of filing. If no such proof is submitted or a
restraining order is not granted, TroyCoLIVE will reinstate access to the
material.
How to serve a
counter-notification?
In case of a copyright
complaint is filed against a TroyCoLIVE customer, the customer may voluntarily
remove the material or may submit a counter-notification indicating that the
case will be resolved in court. The counter-notification must include all
of the following:
“I have a good faith
belief that the material was removed or disabled in error or misidentification
and I believe it is not infringing upon anyone’s copyrights. I understand that
I am declaring the above under penalty of perjury, meaning that if I am not
telling the truth I may be committing a crime.”
“I consent to be served
by the person, who gave notice to my Service Provider, or his agent. I consent
to the jurisdiction of Federal District Court for the judicial district in
which my address is located, or if my address is outside of the United States,
for any judicial district in which the Service Provider may be found.”
Whom to contact about DMCA
issues?
As required by the Digital
Millennium Copyright Act of 1998 (17 U.S.C. 512 (c)), all notifications of
copyright infringement regarding websites hosted by TroyCoLIVE should be sent
ONLY to its designated agent.
TroyCoLIVE Compliance Team
TroyCoLIVE – Brand Development Corp.
1801 Rutherford Rd. Ste. 106 A Greenville, SC 29609
Phone: +1-864-336-8899
Email: legal@troycolive.com
ANY INQUIRIES OTHER THAN
THESE RELATED TO THE DMCA WILL BE DELETED.
For
more information about DMCA please visit http://www.copyright.gov/legislation/dmca.pdfTO THE DMCA WILL BE DELETED.
For
more information about DMCA please visit http://www.copyright.gov/legislation/dmca.pdf
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
This Data Processing Agreement (this “DPA”) is entered between SG Hosting Inc. (“TroyCoLIVE”, “we”) and Customer (“Customer”, “you”), together referred to as the “Parties”. This DPA is part of the Terms of Service, Privacy Policy and other relevant policies available here. Customers agreeing to these terms enter into this DPA on their own behalf to the extent required under applicable Data Protection Regulations and Laws and to the extent TroyCoLIVE processes Customer Data as instructed by the Controller (as defined in Section 1).
In the course of providing the Services to the Customer TroyCoLIVE may process Customer Data on behalf of the Customer. The Parties agree to comply with the following provisions with respect to any Customer Data, each acting reasonably and in good faith:
Unless otherwise defined in this DPA, all capitalized terms have the meanings outlined below:
“Adequacy decision” means a formal decision made by the EU which recognises that another country, territory, sector or international organisation provides an equivalent level of protection for personal data as the EU does.
“Adequate country or countries” means countries covered by an adequacy decision issued by the EU, meaning data can flow freely between such countries.
“Additional Products” means any features, products, software, programs, addons, plugins, scripts, tools or any other third-party software or content that are not part of the Services but that may be accessible via the TroyCoLIVE Client Area or the control panel.
“Agreement” means the Terms of Service and other relevant documents announced on our website, together with your Order for the purchase/use of Services and the Order confirmation sent by TroyCoLIVE, if applicable.
“CCPA” means the California Consumer Privacy Act (California Civil Code §1798.100 et seq., 2018) including any amendments and any implementing regulations thereto.
“Controller” means the natural person or the legal entity which, alone or jointly with others, determines the purposes and means of the processing of customer data; In this agreement, it means the Customer (you).
“Customer Data” means any Personal Data that is provided to TroyCoLIVE by, or on behalf of the Customer through its use of the Services (for avoidance of doubt Personal Data part of the Customer’s Order for purchase/use of the respective Service shall not be treated as Customer Data, subject to this DPA).
“Data Protection Losses” means all liabilities, including:
“Data Protection Regulations and Laws” or “Data Protection Regulations” means all regulations and laws, including but not limited to the CCPA, the laws and regulations of the European Union, the European Economic Area, their member states, Switzerland, the United Kingdom etc., applicable to the Processing of Customer Data under this DPA.
Terms: “Data Subject”, “Personal Data”, “Processing”, “Processor” and “Supervisory Authority” (or “Data Protection Authority”) have the same meaning as described in the applicable Data Protection Regulations.
“Effective date” means, as applicable:
“GDPR” means the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of customer data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
“Notification Email Address” means the email address specified by the Customer in the ‘Owner Profile Details’ Section in the Client Area to receive certain notifications from TroyCoLIVE.
“International Data Transfer Agreement” (“IDTA”) means the standard data protection clauses for the transfer of Customer Data when the data subject is in the UK, incorporated as Annex 4 to this DPA.
“Order” means any Customer’s order for purchase/use of the respective service(s).
“Partner” means any person or entity which directly or indirectly controls, is controlled by, or is under common control with TroyCoLIVE. “Control” for the purpose of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity.
“Services” means any services we offer which could involve processing of Personal Data by TroyCoLIVE and its subcontractors.
“TroyCoLIVE” means the TroyCoLIVE entity which is a party to this DPA, namely: SG Hosting Inc., registered and existing under the laws of Delaware, USA, with registered address: 901 N. Pitt St, Suite 325, Alexandria 22314 VA, USA.
“TroyCoLIVE Group of Companies” means any and all companies, part of TroyCoLIVE Group of companies, engaged in the Processing of Customer Data:
“Standard Contractual Clauses” or “SCCs” means the standard data protection clauses for the transfer of Customer Data, as described in Article 46, p.2, c) of the GDPR, incorporated as Annex 1 to this DPA.
“Sub-processor” means any Processor engaged by TroyCoLIVE or a member of the TroyCoLIVE Group of Companies.
“Term” means the period from the Effective Date until the end of TroyCoLIVE’s provisioning of the Services under the applicable Agreement, including, if applicable, any period during which the Services may have been suspended and any post-termination period during which TroyCoLIVE may continue providing Services for transitional purposes.
2.1. Scope.
This DPA applies where and only to the extent that TroyCoLIVE processes Customer Data on behalf of the Customer in the course of providing the Services and such Customer Data is subject to the applicable Data Protection Regulations.
Annex 1 (Standard Contractual Clauses) will be applicable to Data Subjects which are located in the EU, whilst Annex 4 (International Data Transfer Agreement) will be applicable to Data Subjects which are located in the UK.
If the Customer agreeing to this DPA is already a Customer, this DPA forms part of the Agreement, Privacy Policy and other relevant policies and documents announced on our website. This DPA including its annexes will be effective and replace any terms previously applicable to privacy, data processing and/or data security where TroyCoLIVE acts as a Data Processor.
2.2. Compliance with Laws.
Еach party will comply with the obligations applicable to it under the applicable Data Protection Regulations with respect to the processing of that Customer Data.
2.3. Subject Matter and Details of the Data Processing.
2.3.1. Subject Matter.
TroyCoLIVE will process Customer Data as necessary for the provisioning of the Services and related technical and other support, incl. other inquiries pursuant to the Agreement and as further instructed by Customer in its use of the Services.
2.3.2. Duration of Processing.
Except as provided under Section 11, the duration of data processing shall be the Term designated under the Order and the applicable Agreement.
2.3.3. Nature and Purpose of the Processing.
TroyCoLIVE will process Customer Data for the purposes of providing the Services and related technical and other support to the Customer in accordance with the Agreement, this DPA and other relevant documents.
2.3.4. Categories of Data Subjects.
We process Personal Data of the following categories of Data Subjects:
2.3.5. Categories of Personal Data.
We may process the following categories of Personal Data in the course of the provision of the Services:
2.4. Roles of the Parties.
The Parties acknowledge and agree that:
2.5. Instructions for Data Processing.
TroyCoLIVE shall process Customer Data in accordance with this DPA, which is the Customer’s complete and final instructions to TroyCoLIVE in relation to processing of Customer Data. Processing outside the scope of this DPA (if any) shall require prior written agreement between TroyCoLIVE and Customer on additional instructions for processing. By entering into this DPA, Customer instructs TroyCoLIVE to process Customer data only in accordance with applicable Data Protection Regulations:
2.6. Access or Use.
TroyCoLIVE shall not access or use Customer Data, except as necessary to provide the Services and related technical and other support to the Customer in accordance with the DPA, the Agreement and other relevant documents, and in order to comply with the applicable legislation, including with a valid and binding order (such as court order or other binding documents) of a law enforcement agency and/or any other competent authority/state body.
2.6.1. Customer’s Processing.
The Customer shall, in its use of the Services, process its Personal Data in accordance with the requirements of Data Protection Laws and Regulations applicable to it. The Customer shall have sole responsibility for the accuracy, quality, and legality of its Data and the means by which the Customer acquired this Data.
2.6.2. TroyCoLIVE’s Processing of Customer Data.
TroyCoLIVE shall only process Customer Data on behalf of and in accordance with the Customer’s documented instructions (this DPA) for the following purposes:
2.6.3. TroyCoLIVE’s Compliance with Instructions.
As from the Effective Date TroyCoLIVE shall comply with the described instructions above including with regard to data transfers, unless the applicable legislation to which TroyCoLIVE is subject requires other processing of Customer Data by TroyCoLIVE, in which case TroyCoLIVE shall inform the Customer (unless that law prohibits TroyCoLIVE from doing so on important grounds of public interest).
Customer Data may be accessed and processed by TroyCoLIVE and Sub-processors to fulfil the obligations under this DPA, the respective Agreement or applicable legislation. Such processing will comply with the measures outlined in Sections 3, Section 7 and Annex 2 Security Measures.
2.7. Rights of the Data Subjects.
2.7.1. Access, Rectification, Restricted Processing, Portability.
During the applicable Term, TroyCoLIVE shall, in a manner consistent with the functionality of the Services, enable Customer to access, rectify and restrict processing of Customer Data, including via deletion of all or some of the Customer Data under its account or deletion of the whole account as described in Section 2.8. (Return and Deletion of customer data), and via export of Customer Data.
2.7.2. Data Subject Requests.
2.7.2.1. Customer’s Responsibility for Requests.
If during the applicable Term, TroyCoLIVE receives a request from a Data Subject to exercise the Data Subject’s right of access, right to rectification, restriction of Processing, erasure (“right to be forgotten”), data portability, objection to the Processing, or its right not to be subject to an automated individual decision making (“Data Subject Request”), TroyCoLIVE shall advise the Data Subject to submit its request to the Customer, and the Customer shall be responsible for responding to any such request including, where necessary, by using the functionality of the Services. TroyCoLIVE shall, to the extent legally permitted, take commercially reasonable steps to notify the Customer about such requests.
2.7.2.2. TroyCoLIVE Data Subject Request Assistance.
Taking into account the nature of the Processing, Customer agrees that TroyCoLIVE shall provide appropriate technical and organisational assistance, insofar as this is possible, for the fulfillment of Customer’s obligation to respond to requests by Data Subjects, including if applicable Customer’s obligation to respond to requests for exercising the Data Subject’s rights laid down in the applicable Data Protection Regulations, by:
(a) providing documentation resources in the form of tutorials and knowledge base articles, functionality and/or controls in the control panel that Customer may elect to use to properly configure the Services and use the Services in a secure manner.
(b) providing features, functionalities and/or controls in the control panel that Customer may elect to use to retrieve, correct or delete the Customer Data from the Services.
(c) complying with the commitments set out in this DPA.
(d) To the extent Customer, in its use of the Services, does not have the ability to address a Data Subject Request, TroyCoLIVE shall upon Customer’s request provide commercially reasonable efforts to assist Customer in responding to such Data Subject Request, to the extent TroyCoLIVE is legally obliged to do so and the response to such Data Subject Request is required under the applicable Data Protection Regulations. To the extent legally permitted, Customer shall be responsible for any costs arising from TroyCoLIVE’s provisioning of such assistance.
2.8. Return and Deletion of Customer Data.
TroyCoLIVE shall enable the Customer to delete Customer Data during the applicable Term in a manner consistent with the functionality of the used Services and respective features. Retrieval or deletion of Customer Data by the Customer shall constitute an instruction to TroyCoLIVE to delete the respective Customer Data archived on backup systems in accordance with applicable law and within а maximum period of 60 calendar days.
Deactivation of the Services or expiry of the applicable Term shall constitute an instruction to TroyCoLIVE to delete the Customer Data and the relevant Customer Data archived on backup systems within а maximum period of 60 calendar days.
Nothing in this Section 2.8 varies or modifies any obligation of TroyCoLIVE to retain some or all Customer Data as necessary to comply with the applicable legislation including with a valid and binding order (such as court order or other binding documents) of a law enforcement agency and/or any other competent authority/state body.
2.9. Disclosure.
TroyCoLIVE shall not disclose Customer Data to any government, law enforcement agencies and other authorities, except as necessary to comply with the applicable legislation or a valid and binding order (such as court order or other binding documents) of a law enforcement agency and/or any other competent authority/state body. Upon receipt of an order by the authorities of a third country, TroyCoLIVE will act in accordance with clause 15 of the Standard Contractual Clauses. TroyCoLIVE may also disclose Customer Data to third parties in the event that TroyCoLIVE sells or buys any business or assets, in which case TroyCoLIVE may disclose Customer Data to the prospective seller or buyer, or in case TroyCoLIVE sells, buys, merges, is acquired by, or partners with other companies or businesses, or sells some or all of its assets.
2.10. TroyCoLIVE’s Personnel.
TroyCoLIVE restricts its personnel from processing Customer Data without authorisation by TroyCoLIVE. Access to Customer Data is limited to those personnel whose role and responsibilities are connected to the provision of Services.
TroyCoLIVE imposes appropriate contractual obligations upon its personnel, including relevant obligations regarding confidentiality, data protection and data security. TroyCoLIVE ensures that these confidentiality obligations survive the termination of the personnel engagement.
2.11. Data Protection Officer.
Members of TroyCoLIVE Group of Companies have appointed a Data Protection Officer in compliance with the applicable Data Protection Regulations, who can be reached at privacy@TroyCoLIVE.com.
3.1. Consent to Sub-processor Engagement/Appointment of Sub-processors.
The Customer acknowledges and agrees that:
(a) TroyCoLIVE Partners may be retained as Sub-processors; and
(b) TroyCoLIVE and TroyCoLIVE Partners respectively may engage Sub-processors in connection with the provisioning of the Services. TroyCoLIVE has entered into a written agreement with each Sub-processor containing data protection obligations not less protective than those in this DPA with respect to the protection of Customer Data to the extent applicable to the nature of the Services provided by such Sub-processors.
If Customer has entered into Standard Contractual Clauses (Annex 1) or the International Data Transfer Agreement (Annex 4) as described in Section 5, the above authorizations shall constitute Customer’s prior written consent to the subcontracting by TroyCoLIVE of the processing of Customer Data if such consent is required under the Standard Contractual Clauses.
3.2. Information about Sub-processors.
3.2.1. TroyCoLIVE may share information about you with Sub-processors such as the TroyCoLIVE Group of Companies who may be engaged with provisioning of Services subject to your Agreement and who are based within and/or outside the EU, EEA or UK. These Sub-processors shall process the provided Customer Data under instructions of TroyCoLIVE and in compliance with our Privacy Policy and this DPA.
3.2.2. A list of TroyCoLIVE’s Sub-processors can be disclosed upon request, according to Annex 3.
3.3. Requirements for Sub-processor engagement.
When engaging any Sub-processor, TroyCoLIVE shall:
(a) ensure via a written contract that:
(i) the Sub-processor only accesses and uses Customer Data to the extent required to perform the obligations subcontracted to it, and does so in accordance with this Data Processing Agreement and any Standard Contractual Clauses or International Data Transfer Agreement entered into or Alternative Transfer Solution adopted by TroyCoLIVE as described in Section 5; and
(ii) the data protection obligations set out in the applicable Data Protection Regulations, as described in this Data Processing Agreement, are imposed on the Sub-processor; and
(b) remain fully liable for all obligations subcontracted to it, and all acts and omissions of the Sub-processor.
3.4. Objection Right for Sub-processor(s).
3.4.1. Customer may object to any Sub-processor by terminating the applicable Agreement immediately upon written notice to TroyCoLIVE, on condition that Customer provides such notice within 10 calendar days of being informed of the engagement of the respective Sub-processor. This termination right is Customer’s sole and exclusive remedy if Customer objects to any Sub-processor.
3.4.2. TroyCoLIVE shall refund Customer any prepaid fees covering the remainder of the term of such Order(s) following the effective date of termination with respect to such terminated Services, without imposing a penalty for such termination on the Customer.
Upon Customer’s request, TroyCoLIVE shall provide the Customer with reasonable cooperation and assistance needed to fulfil the Customer’s obligation under the applicable Data Protection Regulations to carry out a data protection impact assessment (DPIA) related to the Customer’s use of Services, to the extent the Customer does not otherwise have access to the relevant information, and to the extent that such information is available to TroyCoLIVE. TroyCoLIVE shall provide reasonable assistance to the Customer in the cooperation or prior consultation with the Supervisory Authority in the performance of its tasks relating to this DPA, to the extent required under the Data Protection Regulations.
5.1. Data Centers.
TroyCoLIVE processes Customer Data in Data Centers located inside and outside the European Union, EEA and the UK. Information about the Data Centers locations is available on:https://www.TroyCoLIVE.com/datacenters and TroyCoLIVE reserves the right to update it from time to time.
The Customer may specify the Data center location where its hosting account content will be stored. The Customer agrees that TroyCoLIVE may change the locations of the Data Centers and move Customer’s hosting account to another Data Center at its sole discretion. TroyCoLIVE shall inform the Customer at least 10 calendar days before moving Customer’s hosting account at its sole discretion to a new Data Center either by sending an email to the Notification Email Address or via the Client Area. If the change of the Data Center results in storing the Customer Data located in the Customer’s hosting account under a different jurisdiction, the Customer may object to such change by terminating the Agreement immediately and upon written notice to TroyCoLIVE, on condition that the Customer provides such notice within 10 calendar days of being informed of the change of the Data Center.
The Customer can move its hosting account to another Data Center location at any time, provided that the functionality of the Services allows it and in exchange of additional fees.
5.2. Processing Locations.
To the extend the Customer Data is located in a Data Center outside the EU, European Economic Area or the UK, and to the extend TroyCoLIVE provides the Services and related technical and other support, the Customer agrees that TroyCoLIVE may, subject to Section 5, transmit, access and process Customer Data in the EU, EEA, UK, Asia, Australia, and the United States and any other countries where TroyCoLIVE and/or its Partners and Sub-processors have Data Centers, facilities or maintain data processing operations.
This type of international data transfer operations may occur upon provision of any of the Services provided by TroyCoLIVE, including Content Delivery Network (CDN) service.
The geographical locations of the servers to which the above-mentioned data transfer may happen are listed on our website and are subject to changes at our sole discretion.
If the storage and/or processing of Customer Data involves processing of Customer Data outside of the EEA and the EU GDPR applies, then this DPA and Annex 1, containing the Standard Contractual Clauses, will automatically apply as a contractual safeguard of the international data transfer.
If the storage and/or processing of Customer Data involves processing of Customer Data outside of the UK, and the UK GDPR applies, then this DPA and Annex 4, containing the International Data Transfer Agreement, will automatically apply as a contractual safeguard of the international data transfer.
5.3. Transfer Mechanism.
To the extent TroyCoLIVE processes or transfers (directly or via onward transfer) Customer Data under this DPA from the European Union, the European Economic Area, UK to countries which do not ensure an adequate level of data protection within the meaning of applicable Data Protection Regulations of the foregoing territories, the Parties agree that:
3.1. The Standard Contractual Clauses (Annex 1) will apply to Customer Data that is transferred, when the Data Subject is in the EU or EEA;
3.2. The International Data Transfer Agreement (Annex 4) will apply to Customer Data that is transferred, when the Data Subject is in the UK.
The Customer acknowledges that TroyCoLIVE is required under the applicable Data Protection Regulations to:
(a) collect and maintain records of certain information, including the name and contact details of each processor and/or controller on behalf of which TroyCoLIVE is acting and, where applicable, of such processor’s or controller’s local representative and data protection officer; and
(b) make such information available to the Supervisory Authorities. When the GDPR applies to the processing of Customer data, the Customer shall, where requested, provide such information to TroyCoLIVE via the TroyCoLIVE website or other means provided by TroyCoLIVE, and shall ensure that all provided information is kept accurate and up-to-date.
7.1. Security measures.
TroyCoLIVE shall implement and maintain technical and organisational measures to protect Customer Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access as described in Annex 2 (the “Security Measures”). As described in Annex 2, the Security Measures include measures to provide encrypted transmission of Customer Data outside the Service environment; to help ensure ongoing confidentiality, integrity, availability and resilience of TroyCoLIVE’s systems and Services; to help restore timely access to Customer Data from an available backup copy, provided either by TroyCoLIVE Backup Services or Customer’s own backup copy following an incident; and for regular testing of effectiveness. TroyCoLIVE may update or modify the Security Measures from time to time provided that such updates and modifications do not result in the degradation of the overall security of the Services.
7.2. Customer’s Security Responsibilities and Assessment.
The Customer agrees that, without prejudice to TroyCoLIVE’s obligations under Section 7 (Security Responsibilities of TroyCoLIVE) and other relevant Sections in this DPA:
7.2.1. The Customer is solely responsible for its use of the Services, including:
iii. ensuring that all programs, scripts, addons, plugins and other software installed on its hosting account are secure, properly configured and regularly maintained, and their use does not impose any security risk in respect to the Customer Data and the account itself;
7.2.2. TroyCoLIVE has no obligation to protect Customer Data which the Customer stores or transfers outside of TroyCoLIVE’s and its Sub – processors’ systems (for example, offline or on-premise storage), or to provide additional paid security services except to the extent that TroyCoLIVE offers and respectively the Customer orders and pays such services.
7.2.3. The Customer is solely responsible for reviewing the documentation and evaluating whether the Services, the Security Measures, TroyCoLIVE’s commitments under this Section and the following meet the Customer’s needs, including any security obligations of the Customer under the applicable Data Protection Regulations.
7.2.4. The Customer acknowledges and agrees that (taking into account the costs of implementation and the nature, scope, context and purpose of processing of Customer data as well as the risks to individuals) the Security Measures implemented and maintained by TroyCoLIVE as set out in Section 7.1. provide the needed level of security appropriate to the risk in respect to the Customer Data.
7.2.5. It is the Customer’s responsibility to backup Customer Data and all data and content stored within its hosting account in order to prevent potential data loss. TroyCoLIVE Backup Services are provided “as-is” and are subject to all limitations of liability set out in the applicable Agreement. In the event of partial or full data loss or corruption and in case that the Customer is not satisfied with the outcome of the restore by the TroyCoLIVE Backup Services or TroyCoLIVE’s backup copy is not recent or suitable for restore, it shall be the Customer’s obligation to restore any and all data and content stored within its hosting account from Customer’s own backup.
Under the applicable Data Protection Regulations:
9.1. TroyCoLIVE maintains security incident management policies and procedures and shall notify the Customer without undue delay after becoming aware of the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Customer Data, including Customer data transmitted, stored or otherwise processed by TroyCoLIVE or its Sub-processors of which TroyCoLIVE becomes aware and which affects the rights and freedoms of any Data Subjects (“Customer Data Incident”). TroyCoLIVE shall make reasonable efforts to identify the cause of such Customer Data Incident and take the steps as TroyCoLIVE deems necessary and reasonable in order to remediate the cause of such a Customer Data Incident to the extent the remediation is within TroyCoLIVE’s reasonable control. The obligations herein shall not apply to incidents that are caused by the Customer, Customer’s usage of the Services, Customer’s actions or activities or Customer’s Users.
9.2. Notifications made pursuant to this section shall describe, to the extent possible, details of the Customer Data Incident, including steps taken to mitigate the potential risks and steps TroyCoLIVE recommends the Customer to undertake in order to address the Customer Data Incident.
9.3. Notification(s) of any Customer Data Incident(s) shall be delivered to the Notification Email Address or, at TroyCoLIVE’s discretion, by direct communication (for example, by phone call). The Customer is solely responsible for ensuring that the Notification Email Address and its contact information specified in ‘Owner Profile Details’ Section of its Client Area is correct and valid.
9.4. TroyCoLIVE shall not assess the content of the Customer Data in order to identify information subject to any specific legal requirements. Customer is solely responsible for complying with incident notification laws applicable to the Customer and for fulfilling any third party notification obligations related to any Customer Data Incident(s).
9.5. TroyCoLIVE’s notification of or response to a Customer Data Incident under this Section 9 shall not be construed as an acknowledgement by TroyCoLIVE of any fault or liability with respect to the Customer Data Incident.
10.1. The Customer shall indemnify and keep indemnified TroyCoLIVE with respect to all data protection breaches and losses suffered or incurred by, arising from or in connection with:
(a) any non-compliance by the Customer with data protection laws and regulations;
(b) any breach by the Customer of its data protection and other obligations under this DPA and the Agreement;
10.2. TroyCoLIVE shall be liable for data protection breaches and losses caused by processing of Customer Data only to the extent directly resulting from TroyCoLIVE’s failure to comply with its obligations as Data Processor under Data Protections Laws and Regulations. TroyCoLIVE’s liability under the DPA will be subject to the exclusions and limitations of liability set out in the Agreement.
This DPA will take effect from the Effective Date until the end of TroyCoLIVE’s provisioning of the Services under the applicable Agreement, including, if applicable, any period during which the Services may have been suspended and any post-termination period (namely maximum 60 calendar days) during which TroyCoLIVE may continue processing Customer Data for transitional purposes (“Term”). Nothing in this Section 11 varies or modifies any obligation of TroyCoLIVE to retain some or all Customer Data as necessary to comply with the applicable legislation or with a valid and binding order (such as a subpoena or a court order) of a law enforcement agency and/or any other competent authority/state body. The DPA will automatically be terminated upon termination of the Agreement and deletion of all Customer Data by TroyCoLIVE.
12.1. To the extent of any conflict or inconsistency between the terms of this DPA and the ones of the applicable Agreement related to the Processing of Customer Data, the terms of this DPA shall prevail. For clarity, if the Customer has entered more than one Agreement, this DPA shall amend each of the Agreements separately.
12.2. TroyCoLIVE may modify the terms of this DPA at any time. If we make material changes to this DPA, we will notify you here, by email, or by means of a notice via our website or via your Client Area, at least ten (10) calendar days before the changes take effect. Non-material changes of this DPA shall have immediate effect.
SECTION I
Clause 1
Purpose and scope
(a) The purpose of these standard contractual clauses is to ensure compliance with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) for the transfer of personal data to a third country.
(b) The Parties:
(i) the natural or legal person(s), public authority/ies, agency/ies or other body/ies (hereinafter ‘entity/ies’) transferring the personal data, as listed in Annex I.A (hereinafter each ‘data exporter’), and
(ii) the entity/ies in a third country receiving the personal data from the data exporter, directly or indirectly via another entity also Party to these Clauses, as listed in Annex I.A (hereinafter each ‘data importer’)
have agreed to these standard contractual clauses (hereinafter: ‘Clauses’).
(c) These Clauses apply with respect to the transfer of personal data as specified in Annex I.B.
(d) The Appendix to these Clauses containing the Annexes referred to therein forms an integral part of these Clauses.
Clause 2
Effect and invariability of the Clauses
(a) These Clauses set out appropriate safeguards, including enforceable data subject rights and effective legal remedies, pursuant to Article 46(1) and Article 46(2)(c) of Regulation (EU) 2016/679 and, with respect to data transfers from controllers to processors and/or processors to processors, standard contractual clauses pursuant to Article 28(7) of Regulation (EU) 2016/679, provided they are not modified, except to select the appropriate Module(s) or to add or update information in the Appendix. This does not prevent the Parties from including the standard contractual clauses laid down in these Clauses in a wider contract and/or to add other clauses or additional safeguards, provided that they do not contradict, directly or indirectly, these Clauses or prejudice the fundamental rights or freedoms of data subjects.
(b) These Clauses are without prejudice to obligations to which the data exporter is subject by virtue of Regulation (EU) 2016/679.
Clause 3
Third-party beneficiaries
(a) Data subjects may invoke and enforce these Clauses, as third-party beneficiaries, against the data exporter and/or data importer, with the following exceptions:
(i) Clause 1, Clause 2, Clause 3, Clause 6, Clause 7;
(ii) Clause 8 – Module One: Clause 8.5 (e) and Clause 8.9(b); Module Two: Clause 8.1(b), 8.9(a), (c), (d) and (e); Module Three: Clause 8.1(a), (c) and (d) and Clause 8.9(a), (c), (d), (e), (f) and (g); Module Four: Clause 8.1 (b) and Clause 8.3(b);
(iii) Clause 9 – Module Two: Clause 9(a), (c), (d) and (e); Module Three: Clause 9(a), (c), (d) and (e);
(iv) Clause 12 – Module One: Clause 12(a) and (d); Modules Two and Three: Clause 12(a), (d) and (f);
(v) Clause 13;
(vi) Clause 15.1(c), (d) and (e);
(vii) Clause 16(e);
(viii) Clause 18 – Modules One, Two and Three: Clause 18(a) and (b); Module Four: Clause 18.
(b) Paragraph (a) is without prejudice to rights of data subjects under Regulation (EU) 2016/679.
Clause 4
Interpretation
(a) Where these Clauses use terms that are defined in Regulation (EU) 2016/679, those terms shall have the same meaning as in that Regulation.
(b) These Clauses shall be read and interpreted in the light of the provisions of Regulation (EU) 2016/679.
(c) These Clauses shall not be interpreted in a way that conflicts with rights and obligations provided for in Regulation (EU) 2016/679.
Clause 5
Hierarchy
In the event of a contradiction between these Clauses and the provisions of related agreements between the Parties, existing at the time these Clauses are agreed or entered into thereafter, these Clauses shall prevail.
Clause 6
Description of the transfer(s)
The details of the transfer(s), and in particular the categories of personal data that are transferred and the purpose(s) for which they are transferred, are specified in Annex I.B.
Clause 7 – Optional
Docking clause
(a) An entity that is not a Party to these Clauses may, with the agreement of the Parties, accede to these Clauses at any time, either as a data exporter or as a data importer, by completing the Appendix and signing Annex I.A.
(b) Once it has completed the Appendix and signed Annex I.A, the acceding entity shall become a Party to these Clauses and have the rights and obligations of a data exporter or data importer in accordance with its designation in Annex I.A.
(c) The acceding entity shall have no rights or obligations arising under these Clauses from the period prior to becoming a Party.
SECTION II – OBLIGATIONS OF THE PARTIES
Clause 8
Data protection safeguards
The data exporter warrants that it has used reasonable efforts to determine that the data importer is able, through the implementation of appropriate technical and organisational measures, to satisfy its obligations under these Clauses.
8.1 Instructions
(a) The data importer shall process the personal data only on documented instructions from the data exporter. The data exporter may give such instructions throughout the duration of the contract.
(b) The data importer shall immediately inform the data exporter if it is unable to follow those instructions.
8.2 Purpose limitation
The data importer shall process the personal data only for the specific purpose(s) of the transfer, as set out in Annex I.B, unless on further instructions from the data exporter.
8.3 Transparency
On request, the data exporter shall make a copy of these Clauses, including the Appendix as completed by the Parties, available to the data subject free of charge. To the extent necessary to protect business secrets or other confidential information, including the measures described in Annex 2 and personal data, the data exporter may redact part of the text of the Appendix to these Clauses prior to sharing a copy, but shall provide a meaningful summary where the data subject would otherwise not be able to understand the its content or exercise his/her rights. On request, the Parties shall provide the data subject with the reasons for the redactions, to the extent possible without revealing the redacted information. This Clause is without prejudice to the obligations of the data exporter under Articles 13 and 14 of Regulation (EU) 2016/679.
8.4 Accuracy
If the data importer becomes aware that the personal data it has received is inaccurate, or has become outdated, it shall inform the data exporter without undue delay. In this case, the data importer shall cooperate with the data exporter to erase or rectify the data.
8.5 Duration of processing and erasure or return of data
Processing by the data importer shall only take place for the duration specified in Annex I.B. After the end of the provision of the processing services, the data importer shall, at the choice of the data exporter, delete all personal data processed on behalf of the data exporter and certify to the data exporter that it has done so, or return to the data exporter all personal data processed on its behalf and delete existing copies. Until the data is deleted or returned, the data importer shall continue to ensure compliance with these Clauses. In case of local laws applicable to the data importer that prohibit return or deletion of the personal data, the data importer warrants that it will continue to ensure compliance with these Clauses and will only process it to the extent and for as long as required under that local law. This is without prejudice to Clause 14, in particular the requirement for the data importer under Clause 14(e) to notify the data exporter throughout the duration of the contract if it has reason to believe that it is or has become subject to laws or practices not in line with the requirements under Clause 14(a).
8.6 Security of processing
(a)The data importer and, during transmission, also the data exporter shall implement appropriate technical and organisational measures to ensure the security of the data, including protection against a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access to that data (hereinafter ‘personal data breach’). In assessing the appropriate level of security, the Parties shall take due account of the state of the art, the costs of implementation, the nature, scope, context and purpose(s) of processing and the risks involved in the processing for the data subjects. The Parties shall in particular consider having recourse to encryption or pseudonymisation, including during transmission, where the purpose of processing can be fulfilled in that manner. In case of pseudonymisation, the additional information for attributing the personal data to a specific data subject shall, where possible, remain under the exclusive control of the data exporter. In complying with its obligations under this paragraph, the data importer shall at least implement the technical and organisational measures specified in Annex 2. The data importer shall carry out regular checks to ensure that these measures continue to provide an appropriate level of security.
(b) The data importer shall grant access to the personal data to members of its personnel only to the extent strictly necessary for the implementation, management and monitoring of the contract. It shall ensure that persons authorised to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
(c) In the event of a personal data breach concerning personal data processed by the data importer under these Clauses, the data importer shall take appropriate measures to address the breach, including measures to mitigate its adverse effects. The data importer shall also notify the data exporter without undue delay after having become aware of the breach. Such notification shall contain the details of a contact point where more information can be obtained, a description of the nature of the breach (including, where possible, categories and approximate number of data subjects and personal data records concerned), its likely consequences and the measures taken or proposed to address the breach including, where appropriate, measures to mitigate its possible adverse effects. Where, and in so far as, it is not possible to provide all information at the same time, the initial notification shall contain the information then available and further information shall, as it becomes available, subsequently be provided without undue delay
(d) The data importer shall cooperate with and assist the data exporter to enable the data exporter to comply with its obligations under Regulation (EU) 2016/679, in particular to notify the competent supervisory authority and the affected data subjects, taking into account the nature of processing and the information available to the data importer.
8.7 Sensitive data
Where the transfer involves personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, or biometric data for the purpose of uniquely identifying a natural person, data concerning health or a person’s sex life or sexual orientation, or data relating to criminal convictions and offences (hereinafter ‘sensitive data’), the data importer shall apply the specific restrictions and/or additional safeguards described in Annex I.B.
8.8 Onward transfers
The data importer shall only disclose the personal data to a third party on documented instructions from the data exporter. In addition, the data may only be disclosed to a third party located outside the European Union (in the same country as the data importer or in another third country, hereinafter ‘onward transfer’) if the third party is or agrees to be bound by these Clauses, under the appropriate Module, or if:
(i) the onward transfer is to a country benefitting from an adequacy decision pursuant to Article 45 of Regulation (EU) 2016/679 that covers the onward transfer;
(ii) the third party otherwise ensures appropriate safeguards pursuant to Articles 46 or 47 Regulation of (EU) 2016/679 with respect to the processing in question;
(iii) the onward transfer is necessary for the establishment, exercise or defence of legal claims in the context of specific administrative, regulatory or judicial proceedings; or
(iv) the onward transfer is necessary in order to protect the vital interests of the data subject or of another natural person.
Any onward transfer is subject to compliance by the data importer with all the other safeguards under these Clauses, in particular purpose limitation.
8.9 Documentation and compliance
(a) The data importer shall promptly and adequately deal with enquiries from the data exporter that relate to the processing under these Clauses.
(b) The Parties shall be able to demonstrate compliance with these Clauses. In particular, the data importer shall keep appropriate documentation on the processing activities carried out on behalf of the data exporter.
(c) The data importer shall make available to the data exporter all information necessary to demonstrate compliance with the obligations set out in these Clauses and at the data exporter’s request, allow for and contribute to audits of the processing activities covered by these Clauses, at reasonable intervals or if there are indications of non- compliance. In deciding on a review or audit, the data exporter may take into account relevant certifications held by the data importer.
(d) The data exporter may choose to conduct the audit by itself or mandate an independent auditor. Audits may include inspections at the premises or physical facilities of the data importer and shall, where appropriate, be carried out with reasonable notice.
(e) The Parties shall make the information referred to in paragraphs (b) and (c), including the results of any audits, available to the competent supervisory authority on request.
Clause 9
Use of sub-processors
The data importer has the data exporter’s general authorisation for the engagement of sub-processor(s) from an agreed list. The data importer shall specifically inform the data exporter in writing of any intended changes to that list through the addition or replacement of sub-processors at least 10 days in advance, thereby giving the data exporter sufficient time to be able to object to such changes prior to the engagement of the sub-processor(s). The data importer shall provide the data exporter with the information necessary to enable the data exporter to exercise its right to object.
(b) Where the data importer engages a sub-processor to carry out specific processing activities (on behalf of the data exporter), it shall do so by way of a written contract that provides for, in substance, the same data protection obligations as those binding the data importer under these Clauses, including in terms of third-party beneficiary rights for data subjects.(8)The Parties agree that, by complying with this Clause, the data importer fulfils its obligations under Clause 8.8. The data importer shall ensure that the sub-processor complies with the obligations to which the data importer is subject pursuant to these Clauses.
(c) The data importer shall provide, at the data exporter’s request, a copy of such a sub-processor agreement and any subsequent amendments to the data exporter. To the extent necessary to protect business secrets or other confidential information, including personal data, the data importer may redact the text of the agreement prior to sharing a copy.
(d) The data importer shall remain fully responsible to the data exporter for the performance of the sub-processor’s obligations under its contract with the data importer. The data importer shall notify the data exporter of any failure by the sub-processor to fulfil its obligations under that contract.
(e) The data importer shall agree a third-party beneficiary clause with the sub-processor whereby – in the event the data importer has factually disappeared, ceased to exist in law or has become insolvent – the data exporter shall have the right to terminate the sub-processor contract and to instruct the sub-processor to erase or return the personal data.
Clause 10
Data subject rights
(a) The data importer shall promptly notify the data exporter of any request it has received from a data subject. It shall not respond to that request itself unless it has been authorised to do so by the data exporter.
(b) The data importer shall assist the data exporter in fulfilling its obligations to respond to data subjects’ requests for the exercise of their rights under Regulation (EU) 2016/679. In this regard, the Parties shall set out in Annex 2 the appropriate technical and organisational measures, taking into account the nature of the processing, by which the assistance shall be provided, as well as the scope and the extent of the assistance required.
(c) In fulfilling its obligations under paragraphs (a) and (b), the data importer shall comply with the instructions from the data exporter.
Clause 11
Redress
(a) The data importer shall inform data subjects in a transparent and easily accessible format, through individual notice or on its website, of a contact point authorised to handle complaints. It shall deal promptly with any complaints it receives from a data subject.
(b) In case of a dispute between a data subject and one of the Parties as regards compliance with these Clauses, that Party shall use its best efforts to resolve the issue amicably in a timely fashion. The Parties shall keep each other informed about such disputes and, where appropriate, cooperate in resolving them.
(c) Where the data subject invokes a third-party beneficiary right pursuant to Clause 3, the data importer shall accept the decision of the data subject to:
(i) lodge a complaint with the supervisory authority in the Member State of his/her habitual residence or place of work, or the competent supervisory authority pursuant to Clause 13;
(ii) refer the dispute to the competent courts within the meaning of Clause 18.
(d) The Parties accept that the data subject may be represented by a not-for-profit body, organisation or association under the conditions set out in Article 80(1) of Regulation (EU) 2016/679.
(e) The data importer shall abide by a decision that is binding under the applicable EU or Member State law.
(f) The data importer agrees that the choice made by the data subject will not prejudice his/her substantive and procedural rights to seek remedies in accordance with applicable laws.
Clause 12
Liability
(a) Each Party shall be liable to the other Party/ies for any damages it causes the other Party/ies by any breach of these Clauses.
(b) The data importer shall be liable to the data subject, and the data subject shall be entitled to receive compensation, for any material or non-material damages the data importer or its sub-processor causes the data subject by breaching the third-party beneficiary rights under these Clauses.
(c) Notwithstanding paragraph (b), the data exporter shall be liable to the data subject, and the data subject shall be entitled to receive compensation, for any material or non-material damages the data exporter or the data importer (or its sub- processor) causes the data subject by breaching the third-party beneficiary rights under these Clauses. This is without prejudice to the liability of the data exporter and, where the data exporter is a processor acting on behalf of a controller, to the liability of the controller under Regulation (EU) 2016/679 or Regulation (EU) 2018/1725, as applicable.
(d) The Parties agree that if the data exporter is held liable under paragraph (c) for damages caused by the data importer (or its sub-processor), it shall be entitled to claim back from the data importer that part of the compensation corresponding to the data importer’s responsibility for the damage.
(e) Where more than one Party is responsible for any damage caused to the data subject as a result of a breach of these Clauses, all responsible Parties shall be jointly and severally liable and the data subject is entitled to bring an action in court against any of these Parties.
(f) The Parties agree that if one Party is held liable under paragraph (e), it shall be entitled to claim back from the other Party/ies that part of the compensation corresponding to its/their responsibility for the damage.
(g) The data importer may not invoke the conduct of a sub-processor to avoid its own liability.
Clause 13
Supervision
(a) The supervisory authority with responsibility for ensuring compliance by the data exporter with Regulation (EU) 2016/679 as regards the data transfer, as indicated in Annex I.C, shall act as competent supervisory authority.
(b) The data importer agrees to submit itself to the jurisdiction of and cooperate with the competent supervisory authority in any procedures aimed at ensuring compliance with these Clauses. In particular, the data importer agrees to respond to enquiries, submit to audits and comply with the measures adopted by the supervisory authority, including remedial and compensatory measures. It shall provide the supervisory authority with written confirmation that the necessary actions have been taken.
SECTION III – LOCAL LAWS AND OBLIGATIONS IN CASE OF ACCESS BY PUBLIC AUTHORITIES
Clause 14
Local laws and practices affecting compliance with the Clauses
(a) The Parties warrant that they have no reason to believe that the laws and practices in the third country of destination applicable to the processing of the personal data by the data importer, including any requirements to disclose personal data or measures authorising access by public authorities, prevent the data importer from fulfilling its obligations under these Clauses. This is based on the understanding that laws and practices that respect the essence of the fundamental rights and freedoms and do not exceed what is necessary and proportionate in a democratic society to safeguard one of the objectives listed in Article 23(1) of Regulation (EU) 2016/679, are not in contradiction with these Clauses.
(b) The Parties declare that in providing the warranty in paragraph (a), they have taken due account in particular of the following elements:
(i) the specific circumstances of the transfer, including the length of the processing chain, the number of actors involved and the transmission channels used; intended onward transfers; the type of recipient; the purpose of processing; the categories and format of the transferred personal data; the economic sector in which the transfer occurs; the storage location of the data transferred;
(ii) the laws and practices of the third country of destination– including those requiring the disclosure of data to public authorities or authorising access by such authorities – relevant in light of the specific circumstances of the transfer, and the applicable limitations and safeguards;
(iii) any relevant contractual, technical or organisational safeguards put in place to supplement the safeguards under these Clauses, including measures applied during transmission and to the processing of the personal data in the country of destination.
(c) The data importer warrants that, in carrying out the assessment under paragraph (b), it has made its best efforts to provide the data exporter with relevant information and agrees that it will continue to cooperate with the data exporter in ensuring compliance with these Clauses.
(d) The Parties agree to document the assessment under paragraph (b) and make it available to the competent supervisory authority on request.
(e) The data importer agrees to notify the data exporter promptly if, after having agreed to these Clauses and for the duration of the contract, it has reason to believe that it is or has become subject to laws or practices not in line with the requirements under paragraph (a), including following a change in the laws of the third country or a measure (such as a disclosure request) indicating an application of such laws in practice that is not in line with the requirements in paragraph (a).
(f) Following a notification pursuant to paragraph (e), or if the data exporter otherwise has reason to believe that the data importer can no longer fulfil its obligations under these Clauses, the data exporter shall promptly identify appropriate measures (e.g. technical or organisational measures to ensure security and confidentiality) to be adopted by the data exporter and/or data importer to address the situation. The data exporter shall suspend the data transfer if it considers that no appropriate safeguards for such transfer can be ensured, or if instructed by the competent supervisory authority to do so. In this case, the data exporter shall be entitled to terminate the contract, insofar as it concerns the processing of personal data under these Clauses. If the contract involves more than two Parties, the data exporter may exercise this right to termination only with respect to the relevant Party, unless the Parties have agreed otherwise. Where the contract is terminated pursuant to this Clause, Clause 16(d) and (e) shall apply.
Clause 15
Obligations of the data importer in case of access by public authorities
15.1 Notification
(a) The data importer agrees to notify the data exporter and, where possible, the data subject promptly (if necessary with the help of the data exporter) if it:
(i) receives a legally binding request from a public authority, including judicial authorities, under the laws of the country of destination for the disclosure of personal data transferred pursuant to these Clauses; such notification shall include information about the personal data requested, the requesting authority, the legal basis for the request and the response provided; or
(ii) becomes aware of any direct access by public authorities to personal data transferred pursuant to these Clauses in accordance with the laws of the country of destination; such notification shall include all information available to the importer.
(b) If the data importer is prohibited from notifying the data exporter and/or the data subject under the laws of the country of destination, the data importer agrees to use its best efforts to obtain a waiver of the prohibition, with a view to communicating as much information as possible, as soon as possible. The data importer agrees to document its best efforts in order to be able to demonstrate them on request of the data exporter.
(c) Where permissible under the laws of the country of destination, the data importer agrees to provide the data exporter, at regular intervals for the duration of the contract, with as much relevant information as possible on the requests received (in particular, number of requests, type of data requested, requesting authority/ies, whether requests have been challenged and the outcome of such challenges, etc.).
(d) The data importer agrees to preserve the information pursuant to paragraphs (a) to (c) for the duration of the contract and make it available to the competent supervisory authority on request.
(e) Paragraphs (a) to (c) are without prejudice to the obligation of the data importer pursuant to Clause 14(e) and Clause 16 to inform the data exporter promptly where it is unable to comply with these Clauses.
15.2 Review of legality and data minimisation
(a) The data importer agrees to review the legality of the request for disclosure, in particular whether it remains within the powers granted to the requesting public authority, and to challenge the request if, after careful assessment, it concludes that there are reasonable grounds to consider that the request is unlawful under the laws of the country of destination, applicable obligations under international law and principles of international comity. The data importer shall, under the same conditions, pursue possibilities of appeal. When challenging a request, the data importer shall seek interim measures with a view to suspending the effects of the request until the competent judicial authority has decided on its merits. It shall not disclose the personal data requested until required to do so under the applicable procedural rules. These requirements are without prejudice to the obligations of the data importer under Clause 14(e).
(b) The data importer agrees to document its legal assessment and any challenge to the request for disclosure and, to the extent permissible under the laws of the country of destination, make the documentation available to the data exporter. It shall also make it available to the competent supervisory authority on request.
(c) The data importer agrees to provide the minimum amount of information permissible when responding to a request for disclosure, based on a reasonable interpretation of the request.
SECTION IV – FINAL PROVISIONS
Clause 16
Non-compliance with the Clauses and termination
(a) The data importer shall promptly inform the data exporter if it is unable to comply with these Clauses, for whatever reason.
(b) In the event that the data importer is in breach of these Clauses or unable to comply with these Clauses, the data exporter shall suspend the transfer of personal data to the data importer until compliance is again ensured or the contract is terminated. This is without prejudice to Clause 14(f).
(c) The data exporter shall be entitled to terminate the contract, insofar as it concerns the processing of personal data under these Clauses, where:
(i) the data exporter has suspended the transfer of personal data to the data importer pursuant to paragraph (b) and compliance with these Clauses is not restored within a reasonable time and in any event within one month of suspension;
(ii) the data importer is in substantial or persistent breach of these Clauses; or
(iii) the data importer fails to comply with a binding decision of a competent court or supervisory authority regarding its obligations under these Clauses.
In these cases, it shall inform the competent supervisory authority of such non- compliance. Where the contract involves more than two Parties, the data exporter may exercise this right to termination only with respect to the relevant Party, unless the Parties have agreed otherwise.
(d) Personal data that has been transferred prior to the termination of the contract pursuant to paragraph (c) shall at the choice of the data exporter immediately be returned to the data exporter or deleted in its entirety. The same shall apply to any copies of the data. The data importer shall certify the deletion of the data to the data exporter. Until the data is deleted or returned, the data importer shall continue to ensure compliance with these Clauses. In case of local laws applicable to the data importer that prohibit the return or deletion of the transferred personal data, the data importer warrants that it will continue to ensure compliance with these Clauses and will only process the data to the extent and for as long as required under that local law.
(e) Either Party may revoke its agreement to be bound by these Clauses where (i) the European Commission adopts a decision pursuant to Article 45(3) of Regulation (EU) 2016/679 that covers the transfer of personal data to which these Clauses apply; or (ii) Regulation (EU) 2016/679 becomes part of the legal framework of the country to which the personal data is transferred. This is without prejudice to other obligations applying to the processing in question under Regulation (EU) 2016/679.
Clause 17
Governing law
These Clauses shall be governed by the law of one of the EU Member States, provided such law allows for third-party beneficiary rights. The Parties agree that this shall be the law of the Kingdom of Spain.
Clause 18
Choice of forum and jurisdiction
(a) Any dispute arising from these Clauses shall be resolved by the courts of an EU Member State.
(b) The Parties agree that those shall be the courts of thе Kingdom of Spain.
(c) A data subject may also bring legal proceedings against the data exporter and/or data importer before the courts of the Member State in which he/she has his/her habitual residence.
(d) The Parties agree to submit themselves to the jurisdiction of such courts.
Data exporter(s):
Name: [Customer name]
Address: [Customer address]
Contact person’s name, position and contact details: [Contact person for Customer]
Activities relevant to the data transferred under these Clauses: The Data importer provides the Services to the Data exporter in accordance with the Agreement.
Signature and date:
…………………………………………………………………………………………..
Role: Data Controller
Data importer(s):
Name: SG Hosting Inc.
Address: 901 N. Pitt St, Suite 325, Alexandria 22314 VA, USA
Contact person’s name, position and contact details: TroyCoLIVE Privacy Team, privacy@TroyCoLIVE.com.
Activities relevant to the data transferred under these Clauses: hosting and other services
Signature and date:
…………………………………………………………………………………………..
Role: Data Processor
Categories of data subjects whose personal data is transferred
The personal data concerns the categories of data subjects as defined in Section 2.3.4. in the Data Processing Agreement.
Categories of personal data transferred
The personal data concerns the categories of data as defined in Section 2.3.5. in the Data Processing Agreement.
Sensitive data transferred (if applicable) and applied restrictions or safeguards that fully take into consideration the nature of the data and the risks involved, such as for instance strict purpose limitation, access restrictions (including access only for staff having followed specialised training), keeping a record of access to the data, restrictions for onward transfers or additional security measures.
Customer may submit Customer Data in the course of its use of the Services, the extent of which is determined and controlled by Customer in its sole discretion, and which may include categories of sensitive data. To ensure its protection we have adopted various restrictions and safeguards such as security measures, systems and data access controls, and others. For more detailed information, see Annex 2.
The frequency of the transfer (e.g. whether the data is transferred on a one-off or continuous basis).
On a continuous basis.
Nature of the processing
The nature of the processing is determined according to Art. 2.3.3 of the DPA.
Purpose(s) of the data transfer and further processing
The purpose of the data transfer and further processing is to better utilise TroyCoLIVE’s server infrastructure, some of which is based outside the EEA.
The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period
The duration of the processing is determined according to Art. 2.3.2 of the DPA.
For transfers to (sub-) processors, also specify subject matter, nature and duration of the processing
The subject matter, nature and duration of the processing is determined according to Art. 2.3.1, 2.3.2 and 2.3.3 of the DPA respectively.
Competent supervisory authority is the Spanish Data Protection Agency.
Security Measures
TroyCoLIVE implements and maintains appropriate technical and organisational Security Measures for the Processing of Personal Data, including the measures set out in this Annex 2 to the Data Processing Agreement. These measures are intended to protect Personal Data against accidental or unauthorized loss, destruction, alteration, disclosure or access, and against all other unlawful forms of Processing. Additional measures, and information concerning such measures, including the specific security measures and practices for the particular Services ordered by Customer, may be specified in the Agreement.
TroyCoLIVE may update or modify these Security Measures from time to time provided that such updates and modifications do not result in the degradation of the overall security of the Services.
The technical and organisational security measures implemented by TroyCoLIVE are in accordance with the Standard Contractual Clauses.
Personnel and Confidentiality
TroyCoLIVE shall take reasonable steps to ensure that no person shall be appointed by TroyCoLIVE to process Personal Data unless that person:
TroyCoLIVE personnel are required to conduct themselves in a manner consistent with the company’s guidelines regarding confidentiality, business ethics, appropriate usage, and professional standards. TroyCoLIVE conducts reasonably appropriate background checks to the extent legally permissible and in accordance with applicable local labor law and statutory regulations. Personnel are required to execute a confidentiality agreement and must acknowledge receipt of, and compliance with, TroyCoLIVE’s confidentiality and privacy policies. They are provided with relevant information security and data protection trainings and personnel handling Customer Data are required to complete additional requirements appropriate to their role.
Physical Security
TroyCoLIVE uses geographically distributed data centers and stores all production data in physically secure data centers. TroyCoLIVE Sub-processor’s production data centres employ measures to secure the access to data processing systems. They have an access system that controls access to the data center. This system permits only authorised personnel to have access to secure areas. The facilities are designed to withstand adverse weather and other reasonably predictable natural conditions, are secured by around-the-clock guards, CCTV monitoring, access screening and escort-controlled access, and are also supported by on-site back-up generators in the event of a power failure.
The data center electrical power systems are designed to be redundant and maintainable without impact to continuous 24/7 operations. In most cases, a primary as well as an alternate power source is provided for critical infrastructure components in the data center. Backup power is provided by various mechanisms such as uninterruptible power supplies (UPS) batteries or diesel generators which are capable to provide emergency electrical power supply or reliable power protection during utility brownouts, blackouts, over voltage, under voltage, and out-of-tolerance frequency conditions.
Infrastructure systems have been designed to eliminate single points of failure and minimize the impact of anticipated environmental risks. TroyCoLIVE Sub-processor’s production equipment and facilities have documented preventative maintenance procedures that detail the process for and frequency of performance in accordance with the manufacturer’s or internal specifications. Preventative and corrective maintenance of the data center equipment is scheduled through a standard change process according to documented procedures.
System Access Control
TroyCoLIVE servers use a Linux based implementation customized for the Services. TroyCoLIVE employs a review process to increase the security of the operating systems used to provide the Services and enhance the security products in production environments.
TroyCoLIVE has, and maintains, a set of information security policies for its personnel. TroyCoLIVE infrastructure, development and support personnel are responsible for the ongoing monitoring of TroyCoLIVE’s infrastructure security, the review of the Services, and responding to security incidents.
TroyCoLIVE’s internal access control policies and processes are designed to prevent unauthorized persons and/or systems from gaining access to systems used to process customer data, including personal data. TroyCoLIVE aims to design its systems to: (i) only allow authorized persons to access data they are authorized to access; and (ii) ensure that personal data cannot be read, copied, altered or removed without authorization during processing, use and after recording. TroyCoLIVE employs an access management system to control personnel access to production servers, and only provides access to authorized personnel. The following may, among other controls, be applied depending upon the particular Services ordered: authentication via passwords and/or two-factor authentication, SSH keys, authorization processes, change management processes, logical access to the data centers is restricted and protected by firewall/VLAN, logging and monitoring of access on several levels. The granting or modification of access rights is based on: the authorized personnel’s job responsibilities; job duty requirements necessary to perform authorized tasks; and a strict need to know basis. The granting or modification of access rights must also be in accordance with TroyCoLIVE’s internal data access policies.
Services Access Control
Customers must authenticate themselves via an authentication system in order to use the Services. Each application checks credentials in order to allow the display of data to the Customer.
The following may, among other controls, be applied depending upon the particular Services ordered: authentication via passwords and/or two-factor authentication, SSH keys, authorization processes, change management processes, and logging of access on several levels. Depending upon the particular Services ordered the following controls may also apply: unique identifiers are attributed to the responsible individual, revoke access mechanisms on consecutive failed login attempts and lockout time periods, password expiry and reset mechanisms, password complexity requirements.
Data Access Control
TroyCoLIVE stores data in a multi-tenant environment, meaning that multiple customers’ deployments are stored on the same physical hardware. TroyCoLIVE uses logical isolation to segregate each Customer’s data and logically separates each Customer’s data from that of others. This provides the scale while rigorously preventing customers from accessing one another’s data.
Customer is given control over specific controls for sharing access to the data to End Users for specific purposes in accordance with the functionality of the Services. Customer may choose to make use of these controls. TroyCoLIVE makes available certain logging capability.
Direct access to customer data is restricted and in case such is required access rights are established and enforced only to properly authorized staff in addition to the access control rules set forth in the previous Sections.
Transmission Control
Data centers are typically connected via high-speed private links to provide secure and fast data transfer between data centers. This is designed to prevent data from being read, copied, altered or removed without authorization during electronic transfer or transport or while being recorded onto data storage media or exchanged within the data center.
For data in transit, TroyCoLIVE uses industry standard transport protocols such as SSL and TLS between Customer devices and TroyCoLIVE’s Services and data centers, and within data centers themselves. Except as otherwise specified for the Services (including within the Order, the applicable Agreement or the User documentation of the Services), transmissions of data outside the Service environment are encrypted. Some functionalities of the Services may enable the Customer to choose unencrypted communications in their use of the Service. Customer is solely responsible for the results of its decision to use such unencrypted communications or transmissions.
Input Control
The Personal Data source is under the control of the Customer, and Personal Data integration into the system, is managed by secured file transfer, via web services or entered into the application from the Customer. As set forth in Section Transmission Control above, some functionalities of the Services permit Customers to use unencrypted file transfer protocols. In such cases, Customer is solely responsible for its decision to use such unencrypted field transfer protocols.
The Services will not introduce any viruses to Customer Data; however, the Services do not scan for viruses that could be included in attachments or other Personal Data uploaded into the Services by Customer. Any such uploaded attachments will not be executed in the Services and therefore will not damage or compromise the Service.
Network Control
TroyCoLIVE blocks unauthorized traffic to and within the data centers using a variety of technologies such as firewalls, NATs, partitioned Local Area Networks and physical separation of back-end servers from public-facing interfaces.
TroyCoLIVE employs multiple layers of network devices and intrusion detection to protect its external attack surface. TroyCoLIVE considers potential attack vectors and incorporates appropriate purpose built technologies into external facing systems.
TroyCoLIVE and authorized personnel will monitor the Services for unauthorised intrusions using network-based intrusion detection mechanisms. Intrusion detection is intended to provide insight into ongoing attack activities and provide adequate information to respond to incidents. SiIteGround’s intrusion detection involves tightly controlling the network communication attack surface through preventative measures such as firewalls, employing intelligent detection controls at data entry points and employing technologies that automatically remedy certain dangerous situations.
Incident Response
TroyCoLIVE maintains security incident management policies and procedures and monitors a variety of communication channels for security incidents. TroyCoLIVE personnel will react promptly to known incidents and will promptly notify Customer in the event TroyCoLIVE becomes aware of an actual or reasonably suspected unauthorised disclosure of Personal Data.
System Logs
TroyCoLIVE ensures that processing systems used to store Customer Data log information to their respective system log facility. Log entries are maintained and stored in case there is suspicion of inappropriate access and an analysis is required. Logging is kept securely to prevent tampering.
Reliability and Backup
For the Services, TroyCoLIVE ensures that backups are taken on a regular basis. Backups are secured using a combination of technical and physical controls.
TroyCoLIVE ensures that the systems where Customer Data is stored have a disaster recovery facility and are governed under disaster recovery plan. In the event production facilities are to be rendered unavailable, TroyCoLIVE will execute recovery plans to restore operation in a timely manner. TroyCoLIVE has designed and regularly plans and tests its disaster recovery plans.
Data destruction
When Customers delete data or leave the Service, TroyCoLIVE ensures the data is deleted as per the terms in the applicable Agreement. TroyCoLIVE Sub-processor’s production data centres employs strict procedures for reuse, redeployment, data destruction and decommission of disks and hardware.
Subprocessor Security
Before onboarding Sub-processors, TroyCoLIVE conducts due diligence of the security and privacy practices of Sub-processors to ensure Sub-processors provide a level of security and privacy appropriate to their access to data and the scope of the services they are engaged to provide. The Sub-processor is required to enter into appropriate security, confidentiality and privacy contract terms.
System Changes and Enhancements
TroyCoLIVE may enhance and implement changes in the Services during the term of the Agreement. Security controls, procedures, policies and features may change or be added. TroyCoLIVE will provide security controls that deliver a level of security protection that is not materially lower than that provided as of the Effective Date.
Available upon request.
This International Data Transfer Agreement (IDTA) has been issued by the Information Commissioner for Parties making Restricted Transfers. The Information Commissioner considers that it provides Appropriate Safeguards for Restricted Transfers when it is entered into as a legally binding contract.
Part 1: Tables
Table 1: Parties and signatures
Start date | From the moment the Exporter (Controller) enters a relationship with the Importer (Processor) | |
The Parties | Exporter (who sends the Restricted Transfer) | Importer (who receives the Restricted Transfer) |
Parties’ details | TroyCoLIVE Customer, resident of the United Kingdom | SG Hosting Inc. Address: 901 N. Pitt St, Suite 325, Alexandria 22314 VA, USA |
Key Contact | · As described in ‘Owner Profile Details’ Section in the Client area | TroyCoLIVE Privacy Team, privacy@TroyCoLIVE.com. |
Importer Data Subject Contact | TroyCoLIVE Privacy Team, privacy@TroyCoLIVE.com. | |
Signatures confirming each Party agrees to be bound by this IDTA | Considered as signed upon acceptance of the Data Processing Agreement. | Considered as signed upon its publication on TroyCoLIVE website. |
Table 2: Transfer Details
UK country’s law that governs the IDTA: | England and Wales |
Primary place for legal claims to be made by the Parties | England and Wales |
The status of the Exporter | In relation to the Processing of the Transferred Data: Exporter is a Controller, Processor or Sub-Processor |
The status of the Importer | In relation to the Processing of the Transferred Data: Importer is the Exporter’s Processor or Sub-Processor |
Whether UK GDPR applies to the Importer | UK GDPR applies to the Importer’s Processing of the Transferred Data when the data subjects are in the UK |
Linked Agreement | If the Importer is the Exporter’s Processor or Sub-Processor – the agreement(s) between the Parties which sets out the Processor’s or Sub-Processor’s instructions for Processing the Transferred Data: Name of agreement: Data Processing Agreement Date of agreement: The Effective Date specified in the DPA Parties to the agreement: TroyCoLIVE’s customers and TroyCoLIVE |
Term | The Importer may Process the Transferred Data for the following time period: the period for which the Linked Agreement is in force |
Ending the IDTA before the end of the Term | The Parties cannot end the IDTA before the end of the Term unless there is a breach of the IDTA or the Parties agree in writing. |
Ending the IDTA when the Approved IDTA changes | Which Parties may end the IDTA as set out in Section 29.2: Importer |
Can the Importer make further transfers of the Transferred Data? | The Importer MAY transfer on the Transferred Data to another organisation or person (who is a different legal entity) in accordance with Section 16.1 (Transferring on the Transferred Data). |
Specific restrictions when the Importer may transfer on the Transferred Data | There are no specific restrictions. |
Review Dates | The Parties must review the Security Requirements at least once each year or each time there is a change to the Transferred Data, Purposes, Importer Information, TRA or risk assessment. |
Table 3: Transferred Data
Transferred Data | The categories of Transferred Data will update automatically if the information is updated in the Linked Agreement referred to. The personal data concerns the categories of data as defined in Section 2.3.5. in the Linked Agreement. Customer may submit Customer Data in the course of its use of the Services, the extent of which is determined and controlled by Customer in its sole discretion, and which may include categories of sensitive data. To ensure its protection we have adopted various restrictions and safeguards such as security measures, systems and data access controls, and others. For more detailed information, see Annex 2. |
Special Categories of Personal Data and criminal convictions and offences | All types of sensitive data may be transferred by the Customer in its sole discretion when using the services, and the Importer will implement restrictions or safeguards that fully take into consideration the nature of the data and the risks involved, such as for instance strict purpose limitation, access restrictions (including access only for staff having followed specialised training), keeping a record of access to the data, restrictions for onward transfers or additional security measures. |
Relevant Data Subjects | The Data Subjects of the Transferred Data are: The categories of Data Subjects will update automatically if the information is updated in the Linked Agreement referred to. The personal data concerns the categories of data subjects as defined in Section 2.3.4. in the Linked Agreement. |
Purpose | The Importer may Process the Transferred Data for the purposes set out in the Linked Agreement. The purposes will update automatically if the information is updated in the Linked Agreement referred to. |
Table 4: Security Requirements
Security of Transmission | As set out in Annex 2 to the Linked Agreement. |
Security of Storage | As set out in Annex 2 to the Linked Agreement. |
Security of Processing | As set out in Annex 2 to the Linked Agreement. |
Organisational security measures | As set out in Annex 2 to the Linked Agreement. |
Technical security minimum requirements | As set out in Annex 2 to the Linked Agreement. |
Updates to the Security Requirements | The Security Requirements will update automatically if the information is updated in the Linked Agreement referred to. |
Part 2: Extra Protection Clauses
Extra Protection Clauses: | As set out in the Linked Agreement and Annex 2 thereto. |
(i) Extra technical security protections | As set out in the Linked Agreement and Annex 2 thereto. |
(ii) Extra organisational protections | As set out in the Linked Agreement and Annex 2 thereto. |
(iii) Extra contractual protections | As set out in the Linked Agreement and Annex 2 thereto. |
Part 3: Commercial Clauses
Commercial Clauses | As set out in the Linked Agreement. |
Part 4: Mandatory Clauses
Information that helps you to understand this IDTA
1.1 Each Party agrees to be bound by the terms and conditions set out in the IDTA, in exchange for the other Party also agreeing to be bound by the IDTA.
1.2 This IDTA is made up of:
1.2.1 Part one: Tables;
1.2.2 Part two: Extra Protection Clauses;
1.2.3 Part three: Commercial Clauses; and
1.2.4 Part four: Mandatory Clauses.
1.3 The IDTA starts on the Start Date and ends as set out in Sections 29 or 30.
1.4 If the Importer is a Processor or Sub-Processor instructed by the Exporter: the Exporter must ensure that, on or before the Start Date and during the Term, there is a Linked Agreement which is enforceable between the Parties and which complies with Article 28 UK GDPR (and which they will ensure continues to comply with Article 28 UK GDPR).
1.5 References to the Linked Agreement or to the Commercial Clauses are to that Linked Agreement or to those Commercial Clauses only in so far as they are consistent with the Mandatory Clauses.
2.1 If a word starts with a capital letter it has the specific meaning set out in the Legal Glossary in Section 36.
2.2 To make it easier to read and understand, this IDTA contains headings and guidance notes. Those are not part of the binding contract which forms the IDTA.
3.1 The Parties must ensure that the information contained in Part one: Tables is correct and complete at the Start Date and during the Term.
3.2 In Table 2: Transfer Details, if the selection that the Parties are Controllers, Processors or Sub-Processors is wrong (either as a matter of fact or as a result of applying the UK Data Protection Laws) then:
3.2.1 the terms and conditions of the Approved IDTA which apply to the correct option which was not selected will apply; and
3.2.2 the Parties and any Relevant Data Subjects are entitled to enforce the terms and conditions of the Approved IDTA which apply to that correct option.
3.3 In Table 2: Transfer Details, if the selection that the UK GDPR applies is wrong (either as a matter of fact or as a result of applying the UK Data Protection Laws), then the terms and conditions of the IDTA will still apply to the greatest extent possible.
4.1 The Parties may choose to each sign (or execute):
4.1.1 the same copy of this IDTA;
4.1.2 two copies of the IDTA. In that case, each identical copy is still an original of this IDTA, and together all those copies form one agreement;
4.1.3 a separate, identical copy of the IDTA. In that case, each identical copy is still an original of this IDTA, and together all those copies form one agreement,
unless signing (or executing) in this way would mean that the IDTA would not be binding on the Parties under Local Laws.
5.1 Each Party must not change the Mandatory Clauses as set out in the Approved IDTA, except only:
5.1.1 to ensure correct cross-referencing: cross-references to Part one: Tables (or any Table), Part two: Extra Protections, and/or Part three: Commercial Clauses can be changed where the Parties have set out the information in a different format, so that the cross-reference is to the correct location of the same information, or where clauses have been removed as they do not apply, as set out below;
5.1.2 to remove those Sections which are expressly stated not to apply to the selections made by the Parties in Table 2: Transfer Details, that the Parties are Controllers, Processors or Sub-Processors and/or that the Importer is subject to, or not subject to, the UK GDPR. The Exporter and Importer understand and acknowledge that any removed Sections may still apply and form a part of this IDTA if they have been removed incorrectly, including because the wrong selection is made in Table 2: Transfer Details;
5.1.3 so the IDTA operates as a multi-party agreement if there are more than two Parties to the IDTA. This may include nominating a lead Party or lead Parties which can make decisions on behalf of some or all of the other Parties which relate to this IDTA (including reviewing Table 4: Security Requirements and Part two: Extra Protection Clauses, and making updates to Part one: Tables (or any Table), Part two: Extra Protection Clauses, and/or Part three: Commercial Clauses); and/or
5.1.4 to update the IDTA to set out in writing any changes made to the Approved IDTA under Section 5.4, if the Parties want to. The changes will apply automatically without updating them as described in Section 5.4;
provided that the changes do not reduce the Appropriate Safeguards.
5.2 If the Parties wish to change the format of the information included in Part one: Tables, Part two: Extra Protection Clauses or Part three: Commercial Clauses of the Approved IDTA, they may do so by agreeing to the change in writing, provided that the change does not reduce the Appropriate Safeguards.
5.3 If the Parties wish to change the information included in Part one: Tables, Part two: Extra Protection Clauses or Part three: Commercial Clauses of this IDTA (or the equivalent information), they may do so by agreeing to the change in writing, provided that the change does not reduce the Appropriate Safeguards.
5.4 From time to time, the ICO may publish a revised Approved IDTA which:
5.4.1 makes reasonable and proportionate changes to the Approved IDTA, including correcting errors in the Approved IDTA; and/or
5.4.2 reflects changes to UK Data Protection Laws.
The revised Approved IDTA will specify the start date from which the changes to the Approved IDTA are effective and whether an additional Review Date is required as a result of the changes. This IDTA is automatically amended as set out in the revised Approved IDTA from the start date specified.
6.1 This IDTA must always be interpreted in a manner that is consistent with UK Data Protection Laws and so that it fulfils the Parties’ obligation to provide the Appropriate Safeguards.
6.2 If there is any inconsistency or conflict between UK Data Protection Laws and this IDTA, the UK Data Protection Laws apply.
6.3 If the meaning of the IDTA is unclear or there is more than one meaning, the meaning which most closely aligns with the UK Data Protection Laws applies.
6.4 Nothing in the IDTA (including the Commercial Clauses or the Linked Agreement) limits or excludes either Party’s liability to Relevant Data Subjects or to the ICO under this IDTA or under UK Data Protection Laws.
6.5 If any wording in Parts one, two or three contradicts the Mandatory Clauses, and/or seeks to limit or exclude any liability to Relevant Data Subjects or to the ICO, then that wording will not apply.
6.6 The Parties may include provisions in the Linked Agreement which provide the Parties with enhanced rights otherwise covered by this IDTA. These enhanced rights may be subject to commercial terms, including payment, under the Linked Agreement, but this will not affect the rights granted under this IDTA.
6.7 If there is any inconsistency or conflict between this IDTA and a Linked Agreement or any other agreement, this IDTA overrides that Linked Agreement or any other agreements, even if those agreements have been negotiated by the Parties. The exceptions to this are where (and in so far as):
6.7.1 the inconsistent or conflicting terms of the Linked Agreement or other agreement provide greater protection for the Relevant Data Subject’s rights, in which case those terms will override the IDTA; and
6.7.2 a Party acts as Processor and the inconsistent or conflicting terms of the Linked Agreement are obligations on that Party expressly required by Article 28 UK GDPR, in which case those terms will override the inconsistent or conflicting terms of the IDTA in relation to Processing by that Party as Processor.
6.8 The words “include”, “includes”, “including”, “in particular” are used to set out examples and not to set out a finite list.
6.9 References to:
6.9.1 singular or plural words or people, also includes the plural or singular of those words or people;
6.9.2 legislation (or specific provisions of legislation) means that legislation (or specific provision) as it may change over time. This includes where that legislation (or specific provision) has been consolidated, re-enacted and/or replaced after this IDTA has been signed; and
6.9.3 any obligation not to do something, includes an obligation not to allow or cause that thing to be done by anyone else.
7.1 This IDTA is governed by the laws of the UK country set out in Table 2: Transfer Details. If no selection has been made, it is the laws of England and Wales. This does not apply to Section 35 which is always governed by the laws of England and Wales.
How this IDTA provides Appropriate Safeguards
8.1 The purpose of this IDTA is to ensure that the Transferred Data has Appropriate Safeguards when Processed by the Importer during the Term. This standard is met when and for so long as:
8.1.1 both Parties comply with the IDTA, including the Security Requirements and any Extra Protection Clauses; and
8.1.2 the Security Requirements and any Extra Protection Clauses provide a level of security which is appropriate to the risk of a Personal Data Breach occurring and the impact on Relevant Data Subjects of such a Personal Data Breach, including considering any Special Category Data within the Transferred Data.
8.2 The Exporter must:
8.2.1 ensure and demonstrate that this IDTA (including any Security Requirements and Extra Protection Clauses) provides Appropriate Safeguards; and
8.2.2 (if the Importer reasonably requests) provide it with a copy of any TRA.
8.3 The Importer must:
8.3.1 before receiving any Transferred Data, provide the Exporter with all relevant information regarding Local Laws and practices and the protections and risks which apply to the Transferred Data when it is Processed by the Importer, including any information which may reasonably be required for the Exporter to carry out any TRA (the “Importer Information”);
8.3.2 co-operate with the Exporter to ensure compliance with the Exporter’s obligations under the UK Data Protection Laws;
8.3.3 review whether any Importer Information has changed, and whether any Local Laws contradict its obligations in this IDTA and take reasonable steps to verify this, on a regular basis. These reviews must be at least as frequent as the Review Dates; and
8.3.4 inform the Exporter as soon as it becomes aware of any Importer Information changing, and/or any Local Laws which may prevent or limit the Importer complying with its obligations in this IDTA. This information then forms part of the Importer Information.
8.4 The Importer must ensure that at the Start Date and during the Term:
8.4.1 the Importer Information is accurate;
8.4.2 it has taken reasonable steps to verify whether there are any Local Laws which contradict its obligations in this IDTA or any additional information regarding Local Laws which may be relevant to this IDTA.
8.5 Each Party must ensure that the Security Requirements and Extra Protection Clauses provide a level of security which is appropriate to the risk of a Personal Data Breach occurring and the impact on Relevant Data Subjects of such a Personal Data Breach.
9.1 Each Party must:
9.1.1 review this IDTA (including the Security Requirements and Extra Protection Clauses and the Importer Information) at regular intervals, to ensure that the IDTA remains accurate and up to date and continues to provide the Appropriate Safeguards. Each Party will carry out these reviews as frequently as the relevant Review Dates or sooner; and
9.1.2 inform the other party in writing as soon as it becomes aware if any information contained in either this IDTA, any TRA or Importer Information is no longer accurate and up to date.
9.2 If, at any time, the IDTA no longer provides Appropriate Safeguards the Parties must Without Undue Delay:
9.2.1 pause transfers and Processing of Transferred Data whilst a change to the Tables is agreed. The Importer may retain a copy of the Transferred Data during this pause, in which case the Importer must carry out any Processing required to maintain, so far as possible, the measures it was taking to achieve the Appropriate Safeguards prior to the time the IDTA no longer provided Appropriate Safeguards, but no other Processing;
9.2.2 agree a change to Part one: Tables or Part two: Extra Protection Clauses which will maintain the Appropriate Safeguards (in accordance with Section 5); and
9.2.3 where a change to Part one: Tables or Part two: Extra Protection Clauses which maintains the Appropriate Safeguards cannot be agreed, the Exporter must end this IDTA by written notice on the Importer.
10.1 Each Party agrees to comply with any reasonable requests made by the ICO in relation to this IDTA or its Processing of the Transferred Data.
10.2 The Exporter will provide a copy of any TRA, the Importer Information and this IDTA to the ICO, if the ICO requests.
10.3 The Importer will provide a copy of any Importer Information and this IDTA to the ICO, if the ICO requests.
The Exporter
11.1 The Exporter agrees that UK Data Protection Laws apply to its Processing of the Transferred Data, including transferring it to the Importer.
11.2 The Exporter must:
11.2.1 comply with the UK Data Protection Laws in transferring the Transferred Data to the Importer;
11.2.2 comply with the Linked Agreement as it relates to its transferring the Transferred Data to the Importer; and
11.2.3 carry out reasonable checks on the Importer’s ability to comply with this IDTA, and take appropriate action including under Section 9.2, Section 29 or Section 30, if at any time it no longer considers that the Importer is able to comply with this IDTA or to provide Appropriate Safeguards.
11.3 The Exporter must comply with all its obligations in the IDTA, including any in the Security Requirements, and any Extra Protection Clauses and any Commercial Clauses.
11.4 The Exporter must co-operate with reasonable requests of the Importer to pass on notices or other information to and from Relevant Data Subjects or any Third Party Controller where it is not reasonably practical for the Importer to do so. The Exporter may pass these on via a third party if it is reasonable to do so.
11.5 The Exporter must co-operate with and provide reasonable assistance to the Importer, so that the Importer is able to comply with its obligations to the Relevant Data Subjects under Local Law and this IDTA.
The Importer
12.1 The Importer must:
12.1.1 only Process the Transferred Data for the Purpose;
12.1.2 comply with all its obligations in the IDTA, including in the Security Requirements, any Extra Protection Clauses and any Commercial Clauses;
12.1.3 comply with all its obligations in the Linked Agreement which relate to its Processing of the Transferred Data;
12.1.4 keep a written record of its Processing of the Transferred Data, which demonstrate its compliance with this IDTA, and provide this written record if asked to do so by the Exporter;
12.1.5 if the Linked Agreement includes rights for the Exporter to obtain information or carry out an audit, provide the Exporter with the same rights in relation to this IDTA; and
12.1.6 if the ICO requests, provide the ICO with the information it would be required on request to provide to the Exporter under this Section 12.1 (including the written record of its Processing, and the results of audits and inspections).
12.2 The Importer must co-operate with and provide reasonable assistance to the Exporter and any Third Party Controller, so that the Exporter and any Third Party Controller are able to comply with their obligations under UK Data Protection Laws and this IDTA.
13.1 If the Importer’s Processing of the Transferred Data is subject to UK Data Protection Laws, it agrees that:
13.1.1 UK Data Protection Laws apply to its Processing of the Transferred Data, and the ICO has jurisdiction over it in that respect; and
13.1.2 it has and will comply with the UK Data Protection Laws in relation to the Processing of the Transferred Data.
13.2 If Section 13.1 applies and the Importer complies with Section 13.1, it does not need to comply with:
14.1 The Importer does not need to comply with this Section 14 if it is the Exporter’s Processor or Sub-Processor.
14.2 The Importer must:
14.2.1 ensure that the Transferred Data it Processes is adequate, relevant and limited to what is necessary for the Purpose;
14.2.2 ensure that the Transferred Data it Processes is accurate and (where necessary) kept up to date, and (where appropriate considering the Purposes) correct or delete any inaccurate Transferred Data it becomes aware of Without Undue Delay; and
14.2.3 ensure that it Processes the Transferred Data for no longer than is reasonably necessary for the Purpose.
15.1 If there is an Importer Personal Data Breach, the Importer must:
15.1.1 take reasonable steps to fix it, including to minimise the harmful effects on Relevant Data Subjects, stop it from continuing, and prevent it happening again. If the Importer is the Exporter’s Processor or Sub-Processor: these steps must comply with the Exporter’s instructions and the Linked Agreement and be in co-operation with the Exporter and any Third Party Controller; and
15.1.2 ensure that the Security Requirements continue to provide (or are changed in accordance with this IDTA so they do provide) a level of security which is appropriate to the risk of a Personal Data Breach occurring and the impact on Relevant Data Subjects of such a Personal Data Breach.
15.2 If the Importer is a Processor or Sub-Processor: if there is an Importer Personal Data Breach, the Importer must:
15.2.1 notify the Exporter Without Undue Delay after becoming aware of the breach, providing the following information:
15.2.1.1 a description of the nature of the Importer Personal Data Breach;
15.2.1.2 (if and when possible) the categories and approximate number of Data Subjects and Transferred Data records concerned;
15.2.1.3 likely consequences of the Importer Personal Data Breach;
15.2.1.4 steps taken (or proposed to be taken) to fix the Importer Personal Data Breach (including to minimise the harmful effects on Relevant Data Subjects, stop it from continuing, and prevent it happening again) and to ensure that Appropriate Safeguards are in place;
15.2.1.5 contact point for more information; and
15.2.1.6 any other information reasonably requested by the Exporter,
15.2.2 if it is not possible for the Importer to provide all the above information at the same time, it may do so in phases, Without Undue Delay; and
15.2.3 assist the Exporter (and any Third Party Controller) so the Exporter (or any Third Party Controller) can inform Relevant Data Subjects or the ICO or any other relevant regulator or authority about the Importer Personal Data Breach Without Undue Delay.
15.3 If the Importer is a Controller: if the Importer Personal Data Breach is likely to result in a risk to the rights or freedoms of any Relevant Data Subject the Importer must notify the Exporter Without Undue Delay after becoming aware of the breach, providing the following information:
15.3.1 a description of the nature of the Importer Personal Data Breach;
15.3.2 (if and when possible) the categories and approximate number of Data Subjects and Transferred Data records concerned;
15.3.3 likely consequences of the Importer Personal Data Breach;
15.3.4 steps taken (or proposed to be taken) to fix the Importer Personal Data Breach (including to minimise the harmful effects on Relevant Data Subjects, stop it from continuing, and prevent it happening again) and to ensure that Appropriate Safeguards are in place;
15.3.5 contact point for more information; and
15.3.6 any other information reasonably requested by the Exporter.
If it is not possible for the Importer to provide all the above information at the same time, it may do so in phases, Without Undue Delay.
15.4 If the Importer is a Controller: if the Importer Personal Data Breach is likely to result in a high risk to the rights or freedoms of any Relevant Data Subject, the Importer must inform those Relevant Data Subjects Without Undue Delay, except in so far as it requires disproportionate effort, and provided the Importer ensures that there is a public communication or similar measures whereby Relevant Data Subjects are informed in an equally effective manner.
15.5 The Importer must keep a written record of all relevant facts relating to the Importer Personal Data Breach, which it will provide to the Exporter and the ICO on request.
This record must include the steps it takes to fix the Importer Personal Data Breach (including to minimise the harmful effects on Relevant Data Subjects, stop it from continuing, and prevent it happening again) and to ensure that Security Requirements continue to provide a level of security which is appropriate to the risk of a Personal Data Breach occurring and the impact on Relevant Data Subjects of such a Personal Data Breach.
16.Transferring on the Transferred Data
16.1 The Importer may only transfer on the Transferred Data to a third party if it is permitted to do so in Table 2: Transfer Details Table, the transfer is for the Purpose, the transfer does not breach the Linked Agreement, and one or more of the following apply:
16.1.1 the third party has entered into a written contract with the Importer containing the same level of protection for Data Subjects as contained in this IDTA (based on the role of the recipient as controller or processor), and the Importer has conducted a risk assessment to ensure that the Appropriate Safeguards will be protected by that contract; or
16.1.2 the third party has been added to this IDTA as a Party; or
16.1.3 if the Importer was in the UK, transferring on the Transferred Data would comply with Article 46 UK GDPR; or
16.1.4 if the Importer was in the UK transferring on the Transferred Data would comply with one of the exceptions in Article 49 UK GDPR; or
16.1.5 the transfer is to the UK or an Adequate Country.
16.2 The Importer does not need to comply with Section 16.1 if it is transferring on Transferred Data and/or allowing access to the Transferred Data in accordance with Section 23 (Access Requests and Direct Access).
17.1 The Importer may sub-contract its obligations in this IDTA to a Processor or Sub-Processor (provided it complies with Section 16).
17.2 If the Importer is the Exporter’s Processor or Sub-Processor: it must also comply with the Linked Agreement or be with the written consent of the Exporter.
17.3 The Importer must ensure that any person or third party acting under its authority, including a Processor or Sub-Processor, must only Process the Transferred Data on its instructions.
17.4 The Importer remains fully liable to the Exporter, the ICO and Relevant Data Subjects for its obligations under this IDTA where it has sub-contracted any obligations to its Processors and Sub-Processors, or authorised an employee or other person to perform them (and references to the Importer in this context will include references to its Processors, Sub-Processors or authorised persons).
What rights do individuals have?
18.1 If a Party receives a request from a Relevant Data Subject for a copy of this IDTA:
18.1.1 it will provide the IDTA to the Relevant Data Subject and inform the other Party, as soon as reasonably possible;
18.1.2 it does not need to provide copies of the Linked Agreement, but it must provide all the information from those Linked Agreements referenced in the Tables;
18.1.3 it may redact information in the Tables or the information provided from the Linked Agreement if it is reasonably necessary to protect business secrets or confidential information, so long as it provides the Relevant Data Subject with a summary of those redactions so that the Relevant Data Subject can understand the content of the Tables or the information provided from the Linked Agreement.
19.1 The Importer does not need to comply with this Section 19 if it is the Exporter’s Processor or Sub-Processor.
19.2 The Importer must ensure that each Relevant Data Subject is provided with details of:
The Importer can demonstrate it has complied with this Section 19.2 if the information is given (or has already been given) to the Relevant Data Subjects by the Exporter or another party.
The Importer does not need to comply with this Section 19.2 in so far as to do so would be impossible or involve a disproportionate effort, in which case, the Importer must make the information publicly available.
19.3 The Importer must keep the details of the Importer Data Subject Contact up to date and publicly available. This includes notifying the Exporter in writing of any such changes.
19.4 The Importer must make sure those contact details are always easy to access for all Relevant Data Subjects and be able to easily communicate with Data Subjects in the English language Without Undue Delay.
20.1 The Importer does not need to comply with this Section 20 if it is the Exporter’s Processor or Sub-Processor.
20.2 If an individual requests, the Importer must confirm whether it is Processing their Personal Data as part of the Transferred Data.
20.3 The following Sections of this Section 20, relate to a Relevant Data Subject’s Personal Data which forms part of the Transferred Data the Importer is Processing.
20.4 If the Relevant Data Subject requests, the Importer must provide them with a copy of their Transferred Data:
20.4.1 Without Undue Delay (and in any event within one month);
20.4.2 at no greater cost to the Relevant Data Subject than it would be able to charge if it were subject to the UK Data Protection Laws;
20.4.3 in clear and plain English that is easy to understand; and
20.4.4 in an easily accessible form
together with
20.4.5 (if needed) a clear and plain English explanation of the Transferred Data so that it is understandable to the Relevant Data Subject; and
20.4.6 information that the Relevant Data Subject has the right to bring a claim for compensation under this IDTA.
20.5 If a Relevant Data Subject requests, the Importer must:
20.5.1 rectify inaccurate or incomplete Transferred Data;
20.5.2 erase Transferred Data if it is being Processed in breach of this IDTA;
20.5.3 cease using it for direct marketing purposes; and
20.5.4 comply with any other reasonable request of the Relevant Data Subject, which the Importer would be required to comply with if it were subject to the UK Data Protection Laws.
20.6 The Importer must not use the Transferred Data to make decisions about the Relevant Data Subject based solely on automated processing, including profiling (the “Decision-Making”), which produce legal effects concerning the Relevant Data Subject or similarly significantly affects them, except if it is permitted by Local Law and:
20.6.1 the Relevant Data Subject has given their explicit consent to such Decision-Making; or
20.6.2 Local Law has safeguards which provide sufficiently similar protection for the Relevant Data Subjects in relation to such Decision-Making, as to the relevant protection the Relevant Data Subject would have if such Decision-Making was in the UK; or
20.6.3 the Extra Protection Clauses provide safeguards for the Decision-Making which provide sufficiently similar protection for the Relevant Data Subjects in relation to such Decision-Making, as to the relevant protection the Relevant Data Subject would have if such Decision-Making was in the UK.
21.1 Where the Importer is the Exporter’s Processor or Sub-Processor: If the Importer receives a request directly from an individual which relates to the Transferred Data it must pass that request on to the Exporter Without Undue Delay. The Importer must only respond to that individual as authorised by the Exporter or any Third Party Controller.
22.Rights of Relevant Data Subjects are subject to the exemptions in the UK Data Protection Laws
22.1 The Importer is not required to respond to requests or provide information or notifications under Sections 18, 19, 20, 21 and 23 if:
22.1.1 it is unable to reasonably verify the identity of an individual making the request; or
22.1.2 the requests are manifestly unfounded or excessive, including where requests are repetitive. In that case the Importer may refuse the request or may charge the Relevant Data Subject a reasonable fee; or
22.1.3 a relevant exemption would be available under UK Data Protection Laws, were the Importer subject to the UK Data Protection Laws.
If the Importer refuses an individual’s request or charges a fee under Section 22.1.2 it will set out in writing the reasons for its refusal or charge, and inform the Relevant Data Subject that they are entitled to bring a claim for compensation under this IDTA in the case of any breach of this IDTA.
How to give third parties access to Transferred Data under Local Laws
23.1 In this Section 23 an “Access Request” is a legally binding request (except for requests only binding by contract law) to access any Transferred Data and “Direct Access” means direct access to any Transferred Data by public authorities of which the Importer is aware.
23.2 The Importer may disclose any requested Transferred Data in so far as it receives an Access Request, unless in the circumstances it is reasonable for it to challenge that Access Request on the basis there are significant grounds to believe that it is unlawful.
23.3 In so far as Local Laws allow and it is reasonable to do so, the Importer will Without Undue Delay provide the following with relevant information about any Access Request or Direct Access: the Exporter; any Third Party Controller; and where the Importer is a Controller, any Relevant Data Subjects.
23.4 In so far as Local Laws allow, the Importer must:
23.4.1 make and keep a written record of Access Requests and Direct Access, including (if known): the dates, the identity of the requestor/accessor, the purpose of the Access Request or Direct Access, the type of data requested or accessed, whether it was challenged or appealed, and the outcome; and the Transferred Data which was provided or accessed; and
23.4.2 provide a copy of this written record to the Exporter on each Review Date and any time the Exporter or the ICO reasonably requests.
24.1 If a Party is required to notify any other Party in this IDTA it will be marked for the attention of the relevant Key Contact and sent by e-mail to the e-mail address given for the Key Contact.
24.2 If the notice is sent in accordance with Section 24.1, it will be deemed to have been delivered at the time the e-mail was sent, or if that time is outside of the receiving Party’s normal business hours, the receiving Party’s next normal business day, and provided no notice of non-delivery or bounceback is received.
24.3 The Parties agree that any Party can update their Key Contact details by giving 14 days’ (or more) notice in writing to the other Party.
25.1 In relation to the transfer of the Transferred Data to the Importer and the Importer’s Processing of the Transferred Data, this IDTA and any Linked Agreement:
25.1.1 contain all the terms and conditions agreed by the Parties; and
25.1.2 override all previous contacts and arrangements, whether oral or in writing.
25.2 If one Party made any oral or written statements to the other before entering into this IDTA (which are not written in this IDTA) the other Party confirms that it has not relied on those statements and that it will not have a legal remedy if those statements are untrue or incorrect, unless the statement was made fraudulently.
25.3 Neither Party may novate, assign or obtain a legal charge over this IDTA (in whole or in part) without the written consent of the other Party, which may be set out in the Linked Agreement.
25.4 Except as set out in Section 17.1, neither Party may sub contract its obligations under this IDTA without the written consent of the other Party, which may be set out in the Linked Agreement.
25.5 This IDTA does not make the Parties a partnership, nor appoint one Party to act as the agent of the other Party.
25.6 If any Section (or part of a Section) of this IDTA is or becomes illegal, invalid or unenforceable, that will not affect the legality, validity and enforceability of any other Section (or the rest of that Section) of this IDTA.
25.7 If a Party does not enforce, or delays enforcing, its rights or remedies under or in relation to this IDTA, this will not be a waiver of those rights or remedies. In addition, it will not restrict that Party’s ability to enforce those or any other right or remedy in future.
25.8 If a Party chooses to waive enforcing a right or remedy under or in relation to this IDTA, then this waiver will only be effective if it is made in writing. Where a Party provides such a written waiver:
25.8.1 it only applies in so far as it explicitly waives specific rights or remedies;
25.8.2 it shall not prevent that Party from exercising those rights or remedies in the future (unless it has explicitly waived its ability to do so); and
25.8.3 it will not prevent that Party from enforcing any other right or remedy in future.
What happens if there is a breach of this IDTA?
26.1 Each Party must notify the other Party in writing (and with all relevant details) if it:
26.1.1 has breached this IDTA; or
26.1.2 it should reasonably anticipate that it may breach this IDTA, and provide any information about this which the other Party reasonably requests.
26.2 In this IDTA “Significant Harmful Impact” means that there is more than a minimal risk of a breach of the IDTA causing (directly or indirectly) significant damage to any Relevant Data Subject or the other Party.
27.1 If the Importer has breached this IDTA, and this has a Significant Harmful Impact, the Importer must take steps Without Undue Delay to end the Significant Harmful Impact, and if that is not possible to reduce the Significant Harmful Impact as much as possible.
27.2 Until there is no ongoing Significant Harmful Impact on Relevant Data Subjects:
27.2.1 the Exporter must suspend sending Transferred Data to the Importer;
27.2.2 If the Importer is the Exporter’s Processor or Sub-Processor: if the Exporter requests, the importer must securely delete all Transferred Data or securely return it to the Exporter (or a third party named by the Exporter); and
27.2.3 if the Importer has transferred on the Transferred Data to a third party receiver under Section 16, and the breach has a Significant Harmful Impact on Relevant Data Subject when it is Processed by or on behalf of that third party receiver, the Importer must:
27.2.3.1 notify the third party receiver of the breach and suspend sending it Transferred Data; and
27.2.3.2 if the third party receiver is the Importer’s Processor or Sub-Processor: make the third party receiver securely delete all Transferred Data being Processed by it or on its behalf, or securely return it to the Importer (or a third party named by the Importer).
27.3 If the breach cannot be corrected Without Undue Delay, so there is no ongoing Significant Harmful Impact on Relevant Data Subjects, the Exporter must end this IDTA under Section 30.1.
28.1 If the Exporter has breached this IDTA, and this has a Significant Harmful Impact, the Exporter must take steps Without Undue Delay to end the Significant Harmful Impact and if that is not possible to reduce the Significant Harmful Impact as much as possible.
28.2 Until there is no ongoing risk of a Significant Harmful Impact on Relevant Data Subjects, the Exporter must suspend sending Transferred Data to the Importer.
28.3 If the breach cannot be corrected Without Undue Delay, so there is no ongoing Significant Harmful Impact on Relevant Data Subjects, the Importer must end this IDTA under Section 30.1.
Ending the IDTA
29.How to end this IDTA without there being a breach
29.1 The IDTA will end:
29.1.1 at the end of the Term stated in Table 2: Transfer Details; or
29.1.2 if in Table 2: Transfer Details, the Parties can end this IDTA by providing written notice to the other: at the end of the notice period stated;
29.1.3 at any time that the Parties agree in writing that it will end; or
29.1.4 at the time set out in Section 29.2.
29.2 If the ICO issues a revised Approved IDTA under Section 5.4, if any Party selected in Table 2 “Ending the IDTA when the Approved IDTA changes”, will as a direct result of the changes in the Approved IDTA have a substantial, disproportionate and demonstrable increase in:
29.2.1 its direct costs of performing its obligations under the IDTA; and/or
29.2.2 its risk under the IDTA,
and in either case it has first taken reasonable steps to reduce that cost or risk so that it is not substantial and disproportionate, that Party may end the IDTA at the end of a reasonable notice period, by providing written notice for that period to the other Party before the start date of the revised Approved IDTA.
30.1 A Party may end this IDTA immediately by giving the other Party written notice if:
30.1.1 the other Party has breached this IDTA and this has a Significant Harmful Impact. This includes repeated minor breaches which taken together have a Significant Harmful Impact, and
30.1.1.1 the breach can be corrected so there is no Significant Harmful Impact, and the other Party has failed to do so Without Undue Delay (which cannot be more than 14 days of being required to do so in writing); or
30.1.1.2 the breach and its Significant Harmful Impact cannot be corrected;
30.1.2 the Importer can no longer comply with Section 8.3, as there are Local Laws which mean it cannot comply with this IDTA and this has a Significant Harmful Impact.
31.1 If the parties wish to bring this IDTA to an end or this IDTA ends in accordance with any provision in this IDTA, but the Importer must comply with a Local Law which requires it to continue to keep any Transferred Data then this IDTA will remain in force in respect of any retained Transferred Data for as long as the retained Transferred Data is retained, and the Importer must:
31.1.1 notify the Exporter Without Undue Delay, including details of the relevant Local Law and the required retention period;
31.1.2 retain only the minimum amount of Transferred Data it needs to comply with that Local Law, and the Parties must ensure they maintain the Appropriate Safeguards, and change the Tables and Extra Protection Clauses, together with any TRA to reflect this; and
31.1.3 stop Processing the Transferred Data as soon as permitted by that Local Law and the IDTA will then end and the rest of this Section 29 will apply.
31.2 When this IDTA ends (no matter what the reason is):
31.2.1 the Exporter must stop sending Transferred Data to the Importer; and
31.2.2 if the Importer is the Exporter’s Processor or Sub-Processor: the Importer must delete all Transferred Data or securely return it to the Exporter (or a third party named by the Exporter), as instructed by the Exporter;
31.2.3 if the Importer is a Controller and/or not the Exporter’s Processor or Sub-Processor: the Importer must securely delete all Transferred Data.
31.2.4 the following provisions will continue in force after this IDTA ends (no matter what the reason is):
How to bring a legal claim under this IDTA
32.1 The Parties remain fully liable to Relevant Data Subjects for fulfilling their obligations under this IDTA and (if they apply) under UK Data Protection Laws.
32.2 Each Party (in this Section, “Party One”) agrees to be fully liable to Relevant Data Subjects for the entire damage suffered by the Relevant Data Subject, caused directly or indirectly by:
32.2.1 Party One’s breach of this IDTA; and/or
32.2.2 where Party One is a Processor, Party One’s breach of any provisions regarding its Processing of the Transferred Data in the Linked Agreement;
32.2.3 where Party One is a Controller, a breach of this IDTA by the other Party if it involves Party One’s Processing of the Transferred Data (no matter how minimal)
in each case unless Party One can prove it is not in any way responsible for the event giving rise to the damage.
32.3 If one Party has paid compensation to a Relevant Data Subject under Section 32.2, it is entitled to claim back from the other Party that part of the compensation corresponding to the other Party’s responsibility for the damage, so that the compensation is fairly divided between the Parties.
32.4 The Parties do not exclude or restrict their liability under this IDTA or UK Data Protection Laws, on the basis that they have authorised anyone who is not a Party (including a Processor) to perform any of their obligations, and they will remain responsible for performing those obligations.
33.1 The Relevant Data Subjects are entitled to bring claims against the Exporter and/or Importer for breach of the following (including where their Processing of the Transferred Data is involved in a breach of the following by either Party):
33.2 The ICO is entitled to bring claims against the Exporter and/or Importer for breach of the following Sections: Section 10 (The ICO), Sections 11.1 and 11.2 (Exporter’s obligations), Section 12.1.6 (General Importer obligations) and Section 13 (Importer’s obligations if it is subject to UK Data Protection Laws).
33.3 No one else (who is not a Party) can enforce any part of this IDTA (including under the Contracts (Rights of Third Parties) Act 1999).
33.4 The Parties do not need the consent of any Relevant Data Subject or the ICO to make changes to this IDTA, but any changes must be made in accordance with its terms.
33.5 In bringing a claim under this IDTA, a Relevant Data Subject may be represented by a not-for-profit body, organisation or association under the same conditions set out in Article 80(1) UK GDPR and sections 187 to 190 of the Data Protection Act 2018.
34.1 The courts of the UK country set out in Table 2: Transfer Details have non-exclusive jurisdiction over any claim in connection with this IDTA (including non-contractual claims).
34.2 The Exporter may bring a claim against the Importer in connection with this IDTA (including non-contractual claims) in any court in any country with jurisdiction to hear the claim.
34.3 The Importer may only bring a claim against the Exporter in connection with this IDTA (including non-contractual claims) in the courts of the UK country set out in the Table 2: Transfer Details
34.4 Relevant Data Subjects and the ICO may bring a claim against the Exporter and/or the Importer in connection with this IDTA (including non-contractual claims) in any court in any country with jurisdiction to hear the claim.
34.5 Each Party agrees to provide to the other Party reasonable updates about any claims or complaints brought against it by a Relevant Data Subject or the ICO in connection with the Transferred Data (including claims in arbitration).
35.1 Instead of bringing a claim in a court under Section 34, any Party, or a Relevant Data Subject may elect to refer any dispute arising out of or in connection with this IDTA (including non-contractual claims) to final resolution by arbitration under the Rules of the London Court of International Arbitration, and those Rules are deemed to be incorporated by reference into this Section 35.
35.2 The Parties agree to submit to any arbitration started by another Party or by a Relevant Data Subject in accordance with this Section 35.
35.3 There must be only one arbitrator. The arbitrator (1) must be a lawyer qualified to practice law in one or more of England and Wales, or Scotland, or Northern Ireland and (2) must have experience of acting or advising on disputes relating to UK Data Protection Laws.
35.4 London shall be the seat or legal place of arbitration. It does not matter if the Parties selected a different UK country as the ‘primary place for legal claims to be made’ in Table 2: Transfer Details.
35.5 The English language must be used in the arbitral proceedings.
35.6 English law governs this Section 35. This applies regardless of whether or not the parties selected a different UK country’s law as the ‘UK country’s law that governs the IDTA’ in Table 2: Transfer Details.
Word or Phrase | Legal definition (this is how this word or phrase must be interpreted in the IDTA) |
Access Request | As defined in Section 23, as a legally binding request (except for requests only binding by contract law) to access any Transferred Data. |
Adequate Country | A third country, or: · a territory; · one or more sectors or organisations within a third country; · an international organisation; which the Secretary of State has specified by regulations provides an adequate level of protection of Personal Data in accordance with Section 17A of the Data Protection Act 2018. |
Appropriate Safeguards | The standard of protection over the Transferred Data and of the Relevant Data Subject’s rights, which is required by UK Data Protection Laws when you are making a Restricted Transfer relying on standard data protection clauses under Article 46(2)(d) UK GDPR. |
Approved IDTA | The template IDTA A1.0 issued by the ICO and laid before Parliament in accordance with s119A of the Data Protection Act 2018 on 2 February 2022, as it is revised under Section 5.4. |
Commercial Clauses | The commercial clauses set out in Part three. |
Controller | As defined in the UK GDPR. |
Damage | All material and non-material loss and damage. |
Data Subject | As defined in the UK GDPR. |
Decision-Making | As defined in Section 20.6, as decisions about the Relevant Data Subjects based solely on automated processing, including profiling, using the Transferred Data. |
Direct Access | As defined in Section 23 as direct access to any Transferred Data by public authorities of which the Importer is aware. |
Exporter | The exporter identified in Table 1: Parties & Signature. |
Extra Protection Clauses | The clauses set out in Part two: Extra Protection Clauses. |
ICO | The Information Commissioner. |
Importer | The importer identified in Table 1: Parties & Signature. |
Importer Data Subject Contact | The Importer Data Subject Contact identified in Table 1: Parties & Signature, which may be updated in accordance with Section 19. |
Importer Information | As defined in Section 8.3.1, as all relevant information regarding Local Laws and practices and the protections and risks which apply to the Transferred Data when it is Processed by the Importer, including for the Exporter to carry out any TRA. |
Importer Personal Data Breach | A ‘personal data breach’ as defined in UK GDPR, in relation to the Transferred Data when Processed by the Importer. |
Linked Agreement | The linked agreement set out in Table 2: Transfer Details. |
Local Laws | Laws which are not the laws of the UK and which bind the Importer. |
Mandatory Clauses | Part four: Mandatory Clauses of this IDTA. |
Notice Period | As set out in Table 2: Transfer Details. |
Party/Parties | The parties to this IDTA as set out in Table 1: Parties & Signature. |
Personal Data | As defined in the UK GDPR. |
Personal Data Breach | As defined in the UK GDPR. |
Processing | As defined in the UK GDPR. When the IDTA refers to Processing by the Importer, this includes where a third party Sub-Processor of the Importer is Processing on the Importer’s behalf. |
Processor | As defined in the UK GDPR. |
Purpose | The ‘Purpose’ set out in Table 2: Transfer Details, including any purposes which are not incompatible with the purposes stated or referred to. |
Relevant Data Subject | A Data Subject of the Transferred Data. |
Restricted Transfer | A transfer which is covered by Chapter V of the UK GDPR |
Review Dates | The review dates or period for the Security Requirements set out in Table 2: Transfer Details, and any review dates set out in any revised Approved IDTA. |
Significant Harmful Impact | As defined in Section 26.2 as where there is more than a minimal risk of the breach causing (directly or indirectly) significant harm to any Relevant Data Subject or the other Party. |
Special Category Data | As described in the UK GDPR, together with criminal conviction or criminal offence data. |
Start Date | As set out in Table 1: Parties and signature. |
Sub-Processor | A Processor appointed by another Processor to Process Personal Data on its behalf. This includes Sub-Processors of any level, for example a Sub-Sub-Processor. |
Tables | The Tables set out in Part one of this IDTA. |
Term | As set out in Table 2: Transfer Details. |
Third Party Controller | The Controller of the Transferred Data where the Exporter is a Processor or Sub-Processor If there is not a Third Party Controller this can be disregarded. |
Transfer Risk Assessment or TRA | A risk assessment in so far as it is required by UK Data Protection Laws to demonstrate that the IDTA provides the Appropriate Safeguards |
Transferred Data | Any Personal Data which the Parties transfer, or intend to transfer under this IDTA, as described in Table 2: Transfer Details |
UK Data Protection Laws | All laws relating to data protection, the processing of personal data, privacy and/or electronic communications in force from time to time in the UK, including the UK GDPR and the Data Protection Act 2018. |
UK GDPR | As defined in Section 3 of the Data Protection Act 2018. |
Without Undue Delay | Without undue delay, as that phase is interpreted in the UK GDPR. |
This SiteGround Plugins Privacy Notice (“Plugins Privacy Notice”) describes how SiteGround Group of companies (“we”, “us”, “our”) will collect and use your personal data in its capacity as a data controller of personal data in connection with your installation and use of the plugins developed by us, including but not limited to SiteGround Migrator, Speed Optimizer (previously known as SiteGround Optimizer), Security Optimizer (previously known as SiteGround Security) and SiteGround Starter Plugins (“SiteGround Plugins“).
By installing and using any of our SiteGround Plugins you acknowledge that you have read and understood this Plugins Privacy Notice and you give your consent for your personal data to be collected, processed and used as described in this Plugins Privacy Notice.
“Data Protection Regulations” means all regulations and laws, including but not limited to laws and regulations of the European Union, the European Economic Area, their member states, Switzerland and the United Kingdom, the California Consumer Privacy Act and any other laws and regulations applicable to the processing of personal data under this Plugins Privacy Notice.
“SiteGround Group of Companies” means any and all companies, part of SiteGround Group of Companies, engaged in the processing of your personal data:
SG Hosting Inc., registered and existing under the laws of Delaware, USA, with principal place of business at 700 N. Fairfax St., Suite 614, Alexandria 22314 VA, USA;
SiteGround Spain S.L., registered and existing under the laws of the Kingdom of Spain (CIF: B87194171), with registered address at Calle de Prim 19, 28004 Madrid, Spain;
SiteGround Hosting Ltd., registered in England and Wales (Registration No. 09348602), with registered address at 7th Floor 50 Broadway, London SW1H 0DB, United Kingdom;
SiteGround Hosting EOOD, registered in Bulgaria (UIC: 204181297), with registered address at 6 Olimpiyska St., fl. 7, Sofia, Bulgaria.
The natural persons whose personal data is subject to data processing under this Plugins Privacy Notice are the individuals who use SiteGround Plugins (“data subjects”, “you”, “your”, “user”).
The types of personal information we may collect about such data subjects are as follows:
Contact information – We may collect personal data such as your email address and other contact and personal information about you during the course of your use of SiteGround Plugins.
Personal information contained in log files – We may process information such as your IP address, browser software, operating system and/or other data contained in the log files generated via your use of SiteGround Plugins.
Other types of personal data – When a SiteGround Plugins user contacts us we may process the personal data provided to us in order to deal with that user’s query.
We strive to collect only the minimum personal data necessary for the completion of the purposes of data processing, as set out below.
If you are residing in a country from the EU/EEA or in the UK, or in any other country where the processing of personal data shall be subject to a legally defined lawful basis, the following purposes and legal basis shall be applicable to the processing of your personal data by SiteGround:
Information collected through the SiteGround Plugins will only be retained for as long as necessary to fulfil the purpose for which it was collected. The personal data we process about you on the basis of your consent will be deleted within 30 days of your withdrawal of such consent. If you would like to receive more information regarding the periods for which we retain your personal data, please contact us at: plugins_privacy@siteground.com.
All personal data collected by SiteGround Group of Companies is treated as confidential. We disclose entire or part of your personal data in the limited circumstances described below and with appropriate safeguards on your privacy:
If we are required by law, we may disclose your personal data in response to a subpoena, court order, or other legitimate governmental request.
We may disclose your personal data to our independent contractors, including vendors based worldwide (such as server functionality service providers), external consultants, auditors, collaborators or other third parties, which need to know such personal data in order to provide us with services, improve SiteGround Plugins or to process the personal data on our behalf and also for administrative, billing, tax, legal, marketing and all other purposes related to the SiteGround Plugins.
We may share your information with third parties in connection with any prospective or completed business reorganisation, merger, sale of company assets, or acquisition of all or a portion of our business by another entity, or in the unlikely event that we go out of business or enter bankruptcy. If any of these events happens, the processing of the personal data would continue to be in strict compliance with the applicable Data Protection Regulations.
We may share your information with other third parties with your explicit consent or at your direction. We will not, however, sell, rent, share or otherwise disclose personal data for commercial purposes in any way that is contrary to the commitments made in this Plugins Privacy Notice.
SiteGround Group of Companies may process your personal data in data centers located inside and outside the European Union, EEA and the UK. Information about the data centers locations is available on: https://www.siteground.com/datacenters and SiteGround reserves the right to update it from time to time. You agree that we may change the locations of the Data Centers and move your personal data to another Data Center at our sole discretion. We will make sure that any transfers of your personal data from one country to another comply with thе applicable Data Protection Regulations, and for such transfers the appropriate transfer mechanisms are put in place (adequacy decisions, Standard Contractual Clauses, International Data Transfer Agreement, etc., as applicable).
SiteGround Group of Companies shall implement and maintain adequate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access. The security measures include measures to provide encrypted transmission of personal data; to help ensure ongoing confidentiality, integrity, availability and resilience of our systems; and are subject to regular testing of effectiveness. We may improve, update or modify the security measures provided that such updates and modifications do not result in the degradation of the overall security of the SiteGround Plugins.
At any time during the processing your personal data, you as a data subject, have the following rights:
In the event that you wish to make a complaint about how your personal data is being processed by the SiteGround Group of Companies, or how your complaint has been handled, you have the right to lodge a complaint directly with the supervisory authority, whose details are available below:
Supervisory authority contact details | |
Contact Name: | Bulgarian Commission for personal data Protection |
Address: | Bulgaria, Sofia 1592, 2 Prof. Tsvetan Lazarov Boulevard |
Email: | |
Telephone: | +359 2 91 53 518 |
You must be of legal age at the time you download, install and use SiteGround Plugins. By installing any SiteGround Plugins you declare that you are of legal age.
We reserve the right to modify this Plugins Privacy Notice at any time. If we decide to change this Plugins Privacy Notice, we will post the updates to this Plugins Privacy Notice here and on any other page we deem appropriate, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. If we make material changes to this Notice, we will notify you here or by email, at least ten (10) calendar days before the changes take effect.
If you have any questions regarding this Plugins Privacy Notice, if you wish to exercise any of your rights in relation to your personal data, or if you want to object to the collection or processing of your personal data by us, whether entirely or partially, please contact us at plugins_privacy@siteground.com.
We and our partners use cookies in order to enable essential services and functionality on our site, to collect data on how visitors interact with our site and for personalization of content and ads. By clicking “Accept all cookies”, you agree to the use of cookies by all of the websites listed in our Cookie Policy. By clicking on the Reject button or by closing this banner, you accept only the strictly necessary cookies and no analytics or targeting ones. To learn more about our use of cookies, please visit our Cookie Policy. You can manage your cookies preferences at any time in the Cookie Settings tool on our site.
The following Terms of Service (“TOS,” “Terms” or “Agreement”) apply to your use of our website and all services, features and/or content provided by TroyCoLIVE (“TroyCoLIVE,” “us,”, “our” ). TroyCoLIVE is the trade name of SG Hosting Inc., with registered address:901 N. Pitt St Suite 325, Alexandria, 22314 VA. By purchasing one or more Services from TroyCoLIVE, you declare that you have read, understood and agree to be bound by this TOS. The latest version of our TOS is always available on the TroyCoLIVE website. It is essential that you read this TOS prior to purchasing any Service(s) from TroyCoLIVE.
1.1. These TOS apply to all Services provided by TroyCoLIVE to you throughout the entire Term or Renewal Term. The TOS consist of the following: Terms of Service, Acceptable Use Policy (AUP), Domain Name Agreement, Copyright/Trademark Infringement Policy (DMCA Policy), Privacy Policy, Cookies Policy and Data Processing Agreement. Collectively these documents are referred to herein as the “TOS.” They are referred to by their individual names if a particular paragraph applies to that document alone.
1.2. The TOS, together with your Order, represent the entire Agreement relating to the Services and supersedes any other agreement previously established between you and TroyCoLIVE. Sending an Order to TroyCoLIVE constitutes acceptance by you of these TOS.
1.3. In addition to these TOS, all registrations of domain names are subject to the terms and conditions set out in our Domain Name Agreement, an integral part of these TOS. The Domain Name Agreement incorporates by reference the terms and conditions of the respective Registrar, its rules and regulations.
2.1. In these TOS the method you use to choose which Service(s) to purchase or renew is referred to as an “Order.” First-time customers must purchase our Service(s) through our website. Existing customers may purchase or renew Services through the TroyCoLIVE User Area, or by contacting our customer support team via chat, phone or ticket. You acknowledge and agree that all conversations with our customer support team shall be recorded and records of such conversations shall be treated as an Order for purchase or renewal of the respective Service(s).
2.2. Your Order will be deemed to be an offer by you to purchase the for Service(s) from us subject to these TOS No Order shall be deemed to be accepted by TroyCoLIVE until we send you an email notification of our acceptance of the Order.
2.3. The date on which TroyCoLIVE will provide notice of acceptance of the Order, shall be considered as the Effective Date of this Agreement. The Term of the Service(s) will commence as of the Effective Date. Upon expiry of the Term it can be renewed as described in our Renewal Policy.
2.4. You must be at least eighteen (18) years of age at the time you place your Order. By submission of an Order you declare that you are eighteen (18) years old or older and have the legal capacity to enter into an agreement with TroyCoLIVE.
2.5. If you place an Order on behalf of a legal entity, you represent and warrant that you have the legal authority to bind such legal entity to these TOS, in which case the terms “you” or “your” shall refer to such legal entity. In the event that TroyCoLIVE establishes that you do not have the legal authority to bind such legal entity, you will be personally liable for the obligations under these TOS.
2.6. By placing an Order to purchase our Services you declare that there is no other restriction to enter into an agreement with TroyCoLIVE and you are not subject to trade sanctions, embargoes, and other restrictions.
2.7. You understand and agree that all Orders may be subject to automated compliance checks to determine if they meet our financial, security and other reasonable criteria (Fraud Screen). If your Order is flagged for review by any of these checks, it may require our manual review and approval. For such reason, we might ask you for additional information before we can approve and accept your Order. We will use commercially reasonable efforts to review such Orders in a timely manner, but we are not liable for any delays.
2.8. By submitting an Order for purchase of our Service(s) you agree and expressly authorize us to use all personal data you provide in order to perform compliance and anti-fraud checks. You agree and expressly authorize us to disclose your personal data to third-parties or to obtain information about you from third parties, including but not limited to your credit/debit card number, in order to authenticate your identity, to validate your credit/debit card, to obtain an initial credit/debit card authorization. Please refer to our Privacy Policy for further information about how we use your data.
2.9. Orders that fail our Fraud Screen will not be approved and Service(s) will not be provided. In case an Order fails to pass the Fraud Screen, you will receive formal notice that your Order has been cancelled. We are unable to provide additional information about the reasons a particular Order fails to pass the Fraud Screen. In case your Order is cancelled and Service(s) are not activated, TroyCoLIVE will reimburse you for all pre-paid fees within seven (7) working days as of the date of TroyCoLIVE’s formal notice to you that your Order was cancelled. We have no liability for payment of any indemnification, compensation for damage or claims related to the Orders not approved because they have failed our Fraud Screen. No interest or other charges will accrue on the advance paid amounts.
3.1. TroyCoLIVE may process personal data as part of the Service, to which certain data protection of privacy law may apply, including the European Union’s General Data Protection Regulation (“GDPR”). For the purposes of these TOS, personal data shall have the meaning set out in our Privacy Policy. Please refer to our Privacy Policy for complete information on what personal data we collect and how we process and disclose it.
3.2. Under the GDPR the Customer may qualify as the “controller” and TroyCoLIVE may qualify as the “processor” for personal data that TroyCoLIVE stores, transmits or manages for the Customer. By uploading and storing content on our servers you acknowledge and agree that TroyCoLIVE shall act as a data processor regarding your content. If GDPR applies, the relationship between you and TroyCoLIVE related to processing of your content is set out in our Data processing Agreement (DPA), which is an integral part of our Privacy Policy and these TOS. DPA shall be considered concluded between the Parties by acceptance of these TOS by the Customer. Customer must inform TroyCoLIVE if it (a) intends to use or access the Services relating to activities establishing Customer as a “controller” or “processor” in the European Union pursuant to Article 3 of the GDPR or (b) believes that the GDPR or other data protection or privacy laws apply for other reasons.
4.1. For the purposes of these TOS “Service” or “Services” means any and all services provided by TroyCoLIVE under these TOS including, without limitation, any of our subscription plans for hosting services, additional features, website migration services, domain name registration services, support services, third-party products and services, any any other services which may be provided from time to time as set out on the portion of our website describing the individual Service (Product Pages).
4.2. The Services will be provided to you as configured for our standard customer. We might modify, update or upgrade the Services and/or add, remove or modify any software, functionality or configuration installed on or used by the Services at any time with or without prior notice. You will bear ultimate responsibility to ensure that the Services are configured to meet your operational, privacy and security needs. Your hardware, software as well as any other items you deem necessary to use the Services shall be compatible with the Services. We will not be obliged to modify the Services to accommodate your use.
4.3. To the maximum extent applicable under national law and without affecting your rights as a Consumer, the Services will be provided on “as-is basis”. The hardware configurations may vary. TroyCoLIVE may replace your host server hardware, transfer it from one datacenter to another, transfer your account to another server, including to servers in another datacenter or geographic location, or modify certain software configurations when deemed necessary by TroyCoLIVE in order to ensure the quality and security of the Services.
4.4. The proprietary and third-party software we offer as part of the Service(s) will be provided as-is and will be subject to availability and all warranty disclaimers and limitations of liability set out herein. Such software may have terms and conditions that are in addition to those set out in these TOS. You must agree to those terms to use the software. If you fail to do so, you will not be able to use the Service(s). Terms and conditions concerning the above mentioned third party software are incorporated by reference and links to any such terms and conditions are available in an appendix to these TOS.
4.5. We may assign an Internet Protocol (“IP”) address for your use. You shall have no right to use that IP address except as permitted by TroyCoLIVE in our sole discretion in connection with the use of our Service(s). We shall retain ownership of all IP addresses assigned to you by TroyCoLIVE. We reserve the right to change or remove any and all such IP addresses in our sole discretion. You acknowledge and agree that shared IP addresses assigned to you by TroyCoLIVE shall be used by other customers as well.
4.6. We provide certain Services designed to filter unwanted email. Depending on the Services set out in your Order, email filtering may be activated by default; in other cases, it may be available as an additional paid Service. Email filtering will likely result in the capture of some legitimate email and the failure to capture some unwanted email that may contain spam, phishing scams and viruses. We recommend that you implement additional levels of protection. Email that is captured by our filtering system is not subject to our SLA.
5.1. TroyCoLIVE’s Service Level Agreement sets out the performance you can expect from us. To the maximum extent applicable under national law and without affecting your rights as a Consumer, this SLA is your sole and exclusive remedy for downtime, or any network, software, hardware or Equipment failure.
5.2. We guarantee network uptime 99.9% on an annual base. If we fall below the guaranteed network uptime, we will compensate you as follows:
5.3. You may check the status of your hosting server uptime from your User Area. You may contact our customer service team if you believe an SLA event has occurred. Compensation is limited to the length of your current Term, but cannot exceed twelve months.
5.4. The following events do not count towards our calculation of uptime:
5.5. Our calculation of network availability is based on our internal records. We will not accept third-party reports as evidence that you are entitled to a compensation under this SLA.
6.1. You are responsible for the payment of the fee(s) set out on the Order, in the currency specified on the Order (Fees). All fees must be paid in advance for the entire term or renewal term set out on the Order.
6.2. The current fee(s) and payment method(s) are listed on our website. Unless a specific agreement for use of the Service(s) exists between TroyCoLIVE and you, you acknowledge and agree to pay the fee for the respective Service(s) indicated on our website at the time you submit your Order. TroyCoLIVE reserves the right to change the fees at any time without notification. Changes in fees shall be effective immediately and will apply for you as of your next purchase or renewal.
6.3. All Fees listed on our website are net of applicable taxes, unless explicitly stated otherwise. You are responsible for all taxes levied on the Services.
6.4. In certain cases, the issuer of your payment method may charge you a foreign transaction fee or other fees, which may be added to the final amount that appears on your bank statement or posted as a separate charge. TroyCoLIVE has no control over such fees.
6.5. Time for payment is of the essence. Customer’s account(s) will not be activated or renewed until all outstanding fees are paid to TroyCoLIVE. Domain name registration fees must be paid in full before your domain name registration will be processed.
6.6. In the course of the order process, in case of payment by card, you will be asked to provide your card information, which will be verified. By submitting an Order you authorize TroyCoLIVE to verify your card and charge it for the total amount of your Order. If the issuer of your payment method refuses to authorize the transaction to TroyCoLIVE, we will not be liable for non-provisioning the Service(s).
6.7. In case of payment via PayPal or a similar online payment provider, immediately after submitting your Order you will be directed to the web page of the payment provider, where you will authorize the payment. You acknowledge and agree that the processing of payments will be subject to the terms, conditions and privacy policies of the respective payment processors in addition to this Agreement. Once the transaction is completed, you will be redirected to our website.
6.8. You acknowledge and agree that your payment details shall be stored by our payment providers to process payment for any TroyCoLIVE Service(s) you purchase or renew.
6.9. Our obligation to provide the Service(s) depends on your payment of the Fees. It is your responsibility to ensure that we receive timely payment of the Fees.
6.10. You are responsible for keeping at least one active payment method on file. We reserve the right to make an alternative payment method primary if we determine that the current one is not active for any reason. You can manage your payment method(s) in the TroyCoLIVE User Area.
6.11. You confirm that any payment method you use and/or add on file is yours or that you have been specifically authorised by the owner of the card to use it for the purchase.
6.12. In case of delay in payment of any fees(s) due, for whatever reason, we may continue to attempt to collect payment from the payment method on file, suspend, and/or terminate your Services and pursue the collection costs incurred by TroyCoLIVE, including without limitation, any court and legal fees and TroyCoLIVE’s reasonable attorneys’ fees. We are not responsible for any deleted or lost Customer Content that results from any suspension or termination of the Service(s).
6.13. You acknowledge and agree that if your card issuer supports Recurring Billing Programs or Account Updater Services, we may participate in such programs or services. As part of these programs, your card issuer will send our payment processors updated information for your payment method(s) on file and we may automatically charge your new card without prior notification. Participation in such programs does not guarantee that we will receive payment of the fees. It is your responsibility to pay all fees due.
6.14. Certain Service(s) may be available to you for free. Such Service(s) may only be used by you during your current Term and may not be transferred to other Hosting Accounts or to third-parties. Upon Termination of your Agreement such Service(s) will also be terminated.
6.15. Invoices are due immediately upon receipt. TroyCoLIVE reserves the right to suspend and/ or terminate the Services until payment is made.
6.16. By accepting these TOS, you hereby authorize TroyCoLIVE to send you invoices electronically at the email address specified in your User Area. If you would like to receive a paper invoice, please contact us through your User Area.
6.17. Should the Services be suspended due to your fault for any reason, Fees will continue to accrue until the termination or expiry of the term of this Agreement.
6.18. If you believe there is an error on your invoice, you must immediately contact us in writing. We each agree to work together in good faith to resolve any billing disputes. If you contact your credit card company and initiate a “chargeback” based on this dispute, we may suspend the Service(s) until the dispute is resolved. To reactivate your Service(s), you must first pay all outstanding Fees.
6.19. Refund requests are processed as set out in our Money Back Policy. We will apply any refund using the same means of payment as you used for the initial transaction, unless we have expressly agreed otherwise. TroyCoLIVE is not responsible for delays to refunds caused by processing institutions or expiration of the original payment method.
6.20. With your prior consent we may process a refund as credit added to your Customer Account (TroyCoLIVE Wallet) to be used for future purchases and/or renewals of our Service(s). TroyCoLIVE Wallet amounts can be reimbursed upon your explicit request.
7.1. All our Services are by default set to renew automatically, with the exception of Reseller Shared Hosting accounts and upgrades. You can adjust the renewal settings and/or renew Services manually from the TroyCoLIVE User Area at any time before a Service is terminated.
7.2. All available Renewal Terms and the respective Renewal Fees are set out in your User Area. From time-to-time special promotions may be available only for manual renewal of your Services.
7.3. We will attempt to renew Services for which automatic renewal is enabled and charge the then current Renewal fee(s):
7.4. If we cannot process a renewal at the scheduled date, we may make additional attempts to charge your payment method(s) until you renew the Service(s) or terminate the Agreement. We will always charge for renewal the primary payment method on file first. Should the primary payment method fail, we will retry billing any other payment methods on file in the order listed in your User Area. We are not responsible for the operation of the Service(s), if Services are suspended/terminated because your payment methods have expired or are no longer valid for any reason.
7.5. You acknowledge and agree that even if a Service is set to renew automatically and/or you have an active payment method on file, we might not be able to renew the Services. It is your responsibility to ensure that you have paid the fees and a renewal has been processed.
7.6. You acknowledge and agree the Service(s) shall be terminated upon expiry of the term, unless you activate the automatic renewal option or manually renew the term of the Service(s). You agree that TroyCoLIVE shall not bear any responsibility and liability for any damages whatsoever including, but not limited to, damages for lost profits, cost savings, revenue, business, data or use, or any other pecuniary loss by you or any other third party, if we are unable to charge your payment method on file or you fail to renew the Services manually.
8.1. If you no longer need a Service you have purchased or are unsatisfied with its performance, you can cancel it at any time. We recommend that cancellation requests are posted through your User Area.
8.2. Our Money Back Policy covers initial and renewal Orders for Shared Hosting and Cloud Services and most additional features we offer. For the initial period after an account is activated we will issue a full refund for Shared Hosting Accounts and Services cancelled within 30 days from activation and for Cloud Accounts cancelled within 14 days of activation. For renewal fees we will issue a full refund, if cancellation is requested within 30 days from the date on which we receive payment for renewal and the renewal Term has not started. If the renewal Term has already started, we will refund the renewal fees less the fees due for the first month of the renewal Term. Refunds are processed within ten (10) business days after a Service is cancelled.
8.3. Reseller packages are eligible for a refund only if the complete Reseller package is cancelled/terminated within 30 days after your Customer Account is activated. The Money Back Policy does not apply to termination of individual accounts in a Reseller package.
8.4. Services that are tailor-made to you, are not covered by our Money Back Policy. These include Domain name registrations, Dedicated Server Services, SSL certificates, Paid support services, including Backup Creation and Backup Restore, and third-party Services. In any case, domain name fees are not refundable and may be due upon cancellation even if waived initially as part of a special promotion.
8.5. To the maximum extent applicable under national law and without affecting your rights as a Consumer, the Money Back Policy is your sole and exclusive remedy should you decide to withdraw from this Agreement.
9.1. You can choose to upgrade or downgrade the Hosting Services at any time.
9.1. All available Upgrade options are listed in your User Area and are subject to the fees set out on the respective Product Pages (Upgrade Fee). Upon upgrade to a Shared Hosting Service, the Upgrade Fee covers the difference in fees between the two plans. Upon upgrade to a Cloud or Dedicated Hosting Service you will have to select a new Term and any pre-paid amounts remaining from your previous Service will be prorated and applied as an extension to your new Term.
9.2. You can choose to upgrade the usage for your Cloud Services by purchasing additional resources or by activating the auto-scaling feature. You will need to create an auto-scale event from your User Area. Whenever an event occurs, the additional resources you selected will be automatically applied to your Cloud Service(s) and we will automatically charge you the respective service fees for a Term of one month.
9.3. Resources that are not renewed will be scaled down upon expiration of their Term. Scaling down the RAM of Cloud Services requires reboot of the equipment and results in downtime.
9.4. You can choose to downgrade your Service(s) only if:
9.5. You can request a downgrade through our HelpDesk. We may refuse to process your request if your account does not meet the conditions for a downgrade or if in our reasonable opinion the new plan is not suitable for your website. Any additional or free Services that are not included in or are not compatible with the new plan will be terminated. Upon downgrade we will prorate the difference in Fees between the two plans for any full months remaining from your Term, and will apply that as extra time to your new plan. If no full months remain, your Service will keep its current Term.
10.1. If you are a new customer, upon purchase of our Services we will create a Customer Account for you. Your Customer Account contains your personal details and grants you access to our User Area where you can access, review, update and manage your Services, payments and contact information.
10.2. If you purchase Services on behalf of another person or entity, you warrant that you will administer their Customer Account in good faith and in their best interest, and will indemnify us against all losses and liabilities sustained by us should you administer the Account in ways that are adverse to the End User and result in any claim against us.
10.3. Login to the User Area requires the use of username and password. You agree not to use the account, profile, username, or password of another user at any time. You will be solely responsible for the security of your login credentials. You shall keep all passwords confidential and take security measures to prevent unauthorized access to them. For security purposes, TroyCoLIVE highly recommends that you keep different passwords for different Customer Accounts and service providers, refrain from using any functionality that saves or stores your login credentials and regularly update your password.
10.4. As an additional security measure, you may set up two-factor authentication (2FA) for your User Area. Follow the instructions in your User Area in order to enable/disable 2FA. If you choose to install and use a 2FA application on a device (e.g. phone or tablet) on which the operating system has been tampered with in any way, you do so at your own risk.
10.5. You are solely responsible for the activity that occurs on your Account, regardless of whether the activities are undertaken by you, your employees or a third party, and for keeping your Account password secure. You shall notify TroyCoLIVE immediately of any breach of security or unauthorized use of your Account to the following email address: privacy@TroyCoLIVE.com.
10.6. You are responsible for providing and maintaining true, current, complete and accurate information. If you fail to do so, we accepts no liability in the event that we grants access to the account to another person.
10.7. For avoidance of doubt, the individual or entity whose personal data is listed in the ‘My Details’ section of the User Area is considered by us to be the owner of the account (Account Owner). Domain names are owned as set out in applicable ICANN rules. If you purchase a domain name on behalf of a third party, and a dispute arises regarding your administration of that domain name, you agree to pay all registration fees during the time the dispute is pending.
10.8. It is your obligation to ensure that you correctly indicate ownership of your account. If there is a dispute about ownership, the account may be locked until the parties to the dispute agree on a resolution, or until the matter is resolved judicially.
11.1. You acknowledge and agree that your use of the Service(s) and any Content uploaded, stored, published and displayed on or through the Service(s) are in compliance with these TOS and all applicable laws, including laws of the jurisdiction where the Service or Content is uploaded, hosted, stored, accessed or used. You shall implement any restrictions necessary in order to prohibit use of the Services by any third party or in any jurisdiction, as required to comply with such laws.
11.2. You must ensure that each of your End users complies with these TOS, and to any policies and agreements that are incorporated by reference.
11.3. You may not upload, store, publish and display on or through our Service(s) any personal data, private or any other personally identifying information, images, videos of minors or any third party, without the consent of said party (or a parent’s consent in the case of a minor). If you use the Services to upload, store, publish, display or otherwise disclose such information, you acknowledge and agree that you have obtained the prior consent of the said parties.
11.4. You shall not use our Service(s) for hosting websites for high-risk activities where the interruption or malfunction of the Services could lead to serious consequences, including but not limited to personal injury, death, environmental damage, etc. For such websites, you must receive confirmation from us that you can use the Services before submitting your Order. Examples of high risk activities include but are not limited to nuclear facilities, air traffic control, life and health support, etc. Please refer to our Acceptable Use Policy for detailed information on the rules and guidelines for using our Services.
11.5. You are responsible to provide accurate and complete information about you and your organization (if you purchase on behalf of a organization) and promptly update all provided information. We shall not be liable for any errors or damages caused by any failure from your side to provide complete and accurate information.
11.6. You are responsible for all your activity related to the use of our Service(s) and the activity of any user who has access to your Customer Account and the Services.
11.7. You declare that (i) you have technical knowledge necessary to ensure the proper use, administration, management of our Service(s); (ii) you have sufficient knowledge about administering, designing and operating the functions facilitated by the Services necessary to take advantage of them.
11.8. You acknowledge and agree that if you resell our Services or administer Services on behalf of others, you must ensure that each of your clients and/or End Users complies with these TOS. You understand and agree that you are responsible for all content uploaded, stored or transmitted on or through the Services and any acts or omissions of your clients or End Users that violate these TOS or the law.
11.9. When using the Services, you will ensure that neither you nor any of your End Users make use of the Server resources to TroyCoLIVE’s detriment or that of other TroyCoLIVE customers.
11.10. You shall indemnify, defend and hold harmless TroyCoLIVE, and its respective officers, directors, shareholders, employees, agents and representatives against all damages, claims, liabilities, losses and other expenses, including without limitation reasonable attorneys’ fees and costs, whether or not a lawsuit or other proceeding is filed, that arise directly or indirectly from your or your End Users’ acts or omissions.
11.11. You must obtain all equipment necessary to access and use our Service(s). It is your responsibility to use equipment, software or applications which are compatible with our Service(s). When accessing or using our Services you may not use equipment and/or software which are faulty or with malfunctions that may cause security issues with our servers, damage the integrity of the network and/or vulnerability of the Service(s).
11.12. You are solely responsible for obtaining all intellectual property rights in the intellectual property of others, including, but not limited to, clearances and/or other consents and authorizations necessary to use the names, marks or any content, materials which are used by you on, or transmitted through the Services.
11.13. If you use any third-party software on the Services, you warrant to TroyCoLIVE that you are duly licensed to use the software, and that the licence grants sufficient rights to TroyCoLIVE to provide the Services. You agree to provide us with such licence(s) upon request. If you fail to provide reasonable evidence of licensing, TroyCoLIVE, at our sole discretion, may suspend the Services and/or terminate the Agreement with immediate effect.
11.14. You acknowledge and agree that TroyCoLIVE may periodically run a series of scripts (audit) on your Service(s) to determine what third-party software is installed on the Service(s) and how many Users have access to each piece of software. You authorize us to disclose the results of such audits to third parties. You shall indemnify TroyCoLIVE against any costs, claims, losses, damages, liabilities, demands and/or expenses including reasonable legal costs incurred and/or suffered as a result of any failure by you to be properly licensed in respect of use of third-party software.
11.15. You shall provide to TroyCoLIVE, at your cost, any information, resources or facilities reasonably requested by TroyCoLIVE for the delivery of the Service(s) and, where necessary, ensure that your employees, contractors and other suppliers cooperate fully and promptly with TroyCoLIVE to such aim.
11.16. Any instructions supplied by you to TroyCoLIVE must be complete and accurate and clearly legible. We shall not be liable for any errors caused by any failure from your side to provide complete and accurate information. It’s your obligation to follow our instructions and to cooperate with us for the proper provision of our Services.
11.17. You acknowledge and agree not to make any modification or alteration of any part of our Service(s) or related technologies.
11.18. You acknowledge and agree not to modify, copy, distribute, transmit, display, perform, reproduce, publish, license, commercially exploit, create derivative works from, transfer or sell any content, software, or services contained on our Site, except where explicitly authorised by us.
11.19. You acknowledge and agree that any information, articles, tutorials, guidelines or technical support advice may be provided by us only for your convenience and do not constitute official statements.
11.20. You are responsible to make backup copies of all your content uploaded, stored, published and displayed on or through our Service(s) in a location independent of ours, and will not use our Backup Services as your sole backup.
The Services provided by TroyCoLIVE will not comply with the federal Health Insurance Portability and Accountability Act (“HIPAA”), hence TroyCoLIVE is not HIPAA compliant. You acknowledge and agree that our Services may not be appropriate for the storage or control of access to sensitive data, such as information about children or medical or health information. Customers requiring secure storage of “protected health information” as defined under HIPAA are expressly prohibited from using the Services for such purposes. Storing and permitting access to “protected health information” is a material breach of thеsе TOS, and grounds for immediate termination of the Agreement. TroyCoLIVE will not sign “Business Associate Agreements” and you acknowledge and agree that we are not a Business Associate or subcontractor of yours pursuant to HIPAA.
13.1. You may upload, store, publish, display and disclose information, text, files, emails, images, designs, graphics, photos, videos, sounds, software and other content on or through the Services (“User Content”). User Content includes any content posted by you or by users of any of your websites hosted through the Services (“User Websites”). You are solely responsible for any and all User Content and any transactions or other activities conducted on or through User Websites. By posting or disclosing User Content on or through the Services, you represent and warrant to TroyCoLIVE that (i) you have all necessary rights to display and disclose such content, and (ii) your posting or disclosure of User Content does not violate the rights of TroyCoLIVE or any third party.
13.2. Solely for purposes of providing our Services, you hereby grant us a worldwide, non-exclusive, royalty-free, perpetual, irrevocable right and license to: (i) use, modify, publicly perform, publicly display, reproduce, excerpt (in whole or in part), publish, distribute User Content, including to make back-up copies of User Content and User Websites without any payment. Except for the rights expressly granted herein, TroyCoLIVE does not acquire any right, title or interest in or to the User Content, all of which shall remain solely with you.
13.3. TroyCoLIVE shall not exercise control over and accepts no responsibility for User Content or any other information passing through our Services. TroyCoLIVE may monitor User Content, but is under no obligation to do so. If you or your End Users post or publish any material in violation of these TOS, or otherwise violate these TOS, in order to resolve the issue TroyCoLIVE reserves the right to review your Content and immediately take any corrective action, including without limitation removal of part or all of the User Content or User Websites, suspension or termination of any and all Services with no refund. You hereby agree that TroyCoLIVE shall have no liability due to or arising out of any corrective action that TroyCoLIVE may undertake.
14.1. Technical support services:
14.1.1. We provide technical support for issues related to functionality of any Service(s) and features purchased from us. Our technical support is available for all customers and is provided on an as-is, as available basis.
14.1.2. We aim to deliver support in a fast and efficient manner, however, we cannot guarantee that all inquiries will be handled within the statistical averages advertised on our site.
14.1.3. You may request technical support through our HelpDesk. Technical support will be provided via phone, chat and/or ticket. Depending on the issue, we may not be able to provide assistance over all communication channels, but will recommend one or two where support can be delivered.
14.1.4. If you request technical support, you agree that we may have full access to your Services and/or Content. It is your obligation to perform and store a backup of your data and files prior to requesting technical support. You are solely responsible for any instructions you provide to us as part of your technical support request. You understand and agree that any modifications we perform in order to address your technical support issue may affect the functionality of your website and/or Services. It is your responsibility to ensure that your website is operational and the Services are configured to your needs once we complete work on your request.
14.1.5. If your request for technical support exceeds that of similarly situated customers or is outside the scope of our free technical support, we reserve the right to deny service related to such request.
14.1.6. To the maximum extent applicable under national law and without affecting your rights as a Consumer, all technical support is provided as-is and is subject to the disclaimers of warranties and limitation of liability set out in these TOS. While we use reasonable efforts to provide technical support in a timely and professional manner, we cannot guarantee the result you expect or that an issue might not occur again. We retain the right not to process your technical support request(s), if: (i) you violate these TOS; (ii) you are abusive towards our employees or subcontractors; (iii) the need for Technical Support Services is due to any modification or attempted modification of the Services made by you or any third party outside of TroyCoLIVE’s control, or your failure or refusal to implement changes recommended by TroyCoLIVE. We may refuse to perform any request that requires changes not compatible with the Services or not related to them or that might create a security risk or deteriorate their performance.
14.2. Scope of free technical support
14.2.1. We provide free technical support for issues related to our hosting platforms and features:
Issues related to the functioning and functionality of any of our Services, including issues you report related to the uptime and stability of our Services;
Issues related to the proper functionality of TroyCoLIVE User Area, including tools and features provided by TroyCoLIVE, such as auto-update services, caching, staging, integration for currently supported SSL certificates, daily backup, control panels, CDN and other;
Assistance related to settings and proper usage of the tools and features provided by us;
Inquiries related to the registration, renewal, and transfer of domains to us, DNS or WHOIS updates. For issues related to domain transfer from TroyCoLIVE to another hosting provider or registrar, our support is limited to make sure the domain is transferable per the requirements for the respective domain extension.
14.3. Issues outside the scope of free technical support
14.3.1. Certain issues are outside the scope of our free technical support:
Issues related to the installation of third-party scripts/applications not provided by TroyCoLIVE;
Website related inquiries such as coding issues, database optimizations, benchmark tests, installation of new software on the server, changing the current setup of your servers, etc.;
Issues related to web design, web development and/or customization;
Inquiries related to the functioning of scripts, optimizations, SEO services, themes or extensions;
Website security audits and malicious code clean-up issues.
14.3.2. If you request technical support for issues outside the scope of our free technical support services, we may provide you with assistance at our own discretion, subject to availability and additional fees. We will inform you, and receive your consent, prior to charging you for technical support. Fees for technical support must be paid in advance.
15.1. You acknowledge and agree that it is your responsibility to regularly back up all your Content in order to prevent potential data loss. We will use commercially reasonable efforts to back up data stored on your Hosting account. We will not back up files containing temporary or transient data which cannot be restored in a useful state.
15.2. You agree that you will keep independent backup copies of your Content in addition to those we maintain. If you use our Backup Services, you acknowledge and agree that due to technical reasons a backup copy may not be available for restore upon your request. Examples of technical reasons include but are not limited to excessive number of files in the backup, backup software failure, storage failure or corrupted backup files.
15.3. We keep a limited number of backup copies of your account as set out on the respective Product Page. If you upgrade/downgrade the Services, we may delete old backup copies created on your previous plan and start new backups of your data.
15.4. We may host your account and the backups of your data in different datacenter locations. You acknowledge and agree that for service provisioning purposes, your backups may be stored on servers in a different state, country or continent and in case of emergencies may be restored on servers outside your data center location of choice. In case of offsite data transfer to different locations all applicable data protection regulations and arrangements in our DPA will be followed.
15.5. You agree to notify us through your User Area in case the Backup Service malfunctions and allow us reasonable time to resolve the issue. In the event that you are not satisfied with the outcome of any Backup Restore, it shall be your obligation to restore your files and data from your own backup. If we provide data to you from a backup, it will be provided as raw data, and you may be required to reformat that data so that it reflects a prior configuration or use. If you purchase Backup Services from us, our only obligation is to restore your data from a backup copy.
15.6. To the maximum extent applicable under national law and without affecting your rights as a Consumer, our Backup Services are provided “as-is” and are subject to all limitations of liability set out in these TOS.
16.1. TroyCoLIVE retains ownership of all intellectual property rights related to the provisioning of the Service(s). TroyCoLIVE grants to you a non-exclusive, non-transferable limited license to access and use the Service(s) during the Term or any Renewal Term. All trademarks, product names, services, software, script, source code, content, photos, graphics, videos on our website, logos or slogans (“TroyCoLIVE’s content”) used by TroyCoLIVE are owned by or licensed to TroyCoLIVE. You acknowledge and agree not to modify, copy, reproduce, download, transmit, distribute, sell, license, publish, broadcast, create derivative works from, or store TroyCoLIVE’s content for purposes other than using our Services, without our express prior written consent.
Unless otherwise set out in these TOS, you own all right, title and interest to the information you place on our servers pursuant to the Services. If you submit feedback to us concerning your idea and suggestions related to the Services, we shall have the right to use that information to improve our business processes. You have no right to any intellectual property that is based on an improvement to our business based on this feedback.
16.2. You are welcome to provide us with a written or verbal testimonials of our Services in connection with your use of the Services. You acknowledge and agree that we may, at our discretion, use the testimonial to promote our Services online and in social media. Further to our use of your testimonial, you hereby agree and give your consent to TroyCoLIVE to publish your name, voice or likeness, profession, website, video and/or contact information in connection with the publication of the testimonial. If you would like to withdraw your consent, please send your request to privacy@TroyCoLIVE.com.
17.1. Our site and Services may contain link(s) to other websites operated by or with content provided by third parties. You understand and agree that TroyCoLIVE has no control over any such third-party websites or their content and will have no liability arising out of or related to your use of any third-party websites or their content. TroyCoLIVE shall not bear any responsibility for any legal documents (agreements, terms and conditions, policies and etc), content and practice of any third-party websites. The existence of any third-party links does not constitute endorsement of such websites, their content, or their operators. TroyCoLIVE includes these links only for your convenience.
17.2. You acknowledge and agree that third-party links on our website may contain affiliate tracking and TroyCoLIVE may collect a share of sales or other compensation from such links.
To the maximum extent allowed by applicable law and without affecting your rights as a Consumer, you acknowledge and agree that the Services are provided by TroyCoLIVE as-is and you assume all risks and liabilities arising from or relating to your use of and reliance upon the Services, and that TroyCoLIVE makes no representation or warranty with respect thereto. TroyCoLIVE hereby expressly disclaims all representations, warranties and conditions regarding the Services, whether express or implied, including any representation or warranty in regard to quality, performance, non-infringement, commercial utility, merchantability or fitness of the services for a particular purpose. In addition, TroyCoLIVE expressly disclaims any express or implied obligation or warranty of the Services, that could be construed to require TroyCoLIVE to provide Services in such a manner to allow the Customer to comply with any law, regulation, rule or court order applicable to the actions or functions of the Customer. Without limiting the generality of the foregoing, we do not warrant that the Service(s) will meet any or all of your needs; will operate in all of the combinations which may be selected for use by you; or that the operation of the Service(s) will be uninterrupted, error-free or completely secure. No TroyCoLIVE employee, supplier or subcontractor is authorized to make any warranty on our behalf and if they make such warranties TroyCoLIVE shall not be bound by them.
To the maximum extent permitted by applicable law, and without affecting your rights as a Consumer, you agree that you will not under any circumstances, including negligence, hold TroyCoLIVE, its officers, directors, employees, licensors, agents, subcontractors and/or third party service providers liable for any direct or indirect damages of any nature and type suffered by the Customer of third parties, including, but not limited to, damages for loss of profits, cost savings, revenue, business, data or use, or any other pecuniary loss that may result from: delays, malfunctions, suspension and any other interruption in the provision of the Service(s) due to events beyond our reasonable control (for example: force majeure, third party conduct/acts, including TroyCoLIVE’s licensors and suppliers, faults and malfunctions of the machines, software and other equipment, whether owned by us or our licensors/suppliers; acts and/or omissions made by Customers and in contrast with the obligations undertaken under these TOS); data loss due to hardware or software failure; any information, data, content in or accessed through the Services; any action, information or instruction provided as part of our technical support Services; your use of the Service(s). You agree that the foregoing limitations apply whether based on warranty, contract or tort or any other legal theory and apply even if we have been advised of the possibility of such damages. In no event, we will be liable to you in the aggregate with respect to any and all breaches, defaults, or claims of liability under these TOS or under any other agreement or document for an amount greater than the fees actually paid by you to us for the respective Service(s) during the twelve month period preceding a claim giving rise to such liability. Some jurisdictions do not allow the limitation or exclusion of liability for incidental or consequential damages. You agree that in those jurisdictions, our liability will be limited to the extent permitted by law and your rights as a Consumer will not be affected.
You acknowledge and agree to indemnify, defend and hold harmless TroyCoLIVE defend, fully compensate us, our affiliates, subsidiaries, parent and related companies, licensors and any third-party service providers and each of their respective officers, directors, employees, shareholders and agents (each an “indemnified party” and, collectively, “indemnified parties”) from and against any and all claims, damages, losses, liabilities, suits, actions, demands, proceedings (whether legal or administrative), and expenses (including, but not limited to, reasonable attorneys’ fees) threatened, asserted, or filed by a third party against any of the indemnified parties arising out of or relating to: (i) your use of the Services; (ii) any violation by you of these TOS, our policies or documents which are incorporated herein, or any law; (iii) any breach of any of your representations, warranties or covenants contained in these TOS; and/or (iv) any acts or omissions by you. The terms of this section shall survive any termination of these TOS. For the purpose of this clause only, the term “you” as set out in subparagraphs (i) through (iv) includes you, End Users, visitors to your website, and users of your products or services. The terms of this Article shall survive the termination of the Agreement.
21.1. The Term for each Service you purchase shall be set out on the Order. The Term may be extended as described in our Renewal Policy or may be terminated as described below. For avoidance of doubt, “Term” shall include the initial Term and any Renewal Term.
21.2. You may terminate a Service at any time through the User Area (Cancellation Request). We will send you an email confirmation to acknowledge your completion of the Cancellation Request (Cancellation Confirmation). If you fail to complete all steps of the Cancellation Request, or if you fail to use a Cancellation Request to terminate the Services, the Services will not be terminated, and Fees will continue to be charged. You must follow this procedure in order to terminate each Service. Once you complete a Cancellation Request, we will process it and issue a refund, if applicable, as set out in our Money Back Policy.
21.3. If you are a Consumer, you have the right to withdraw from this Agreement, informing us of your decision to withdraw through the User Area (Cancellation Request) or by means of a clear declaration (e.g. a letter sent via post, fax or email). You can also use the model withdrawal form enclosed below, which – however – is not mandatory.
21.4. You acknowledge and agree that any domain name registration is subject to suspension, cancellation, transfer or modification pursuant to the terms of any applicable rules or policies, including, but not limited to: (i) the UDRP; (ii) any ICANN adopted policy; (iii) any registrar (including TroyCoLIVE) or registry administrator procedures; or (iv) any other ccTLD registry administrator procedures.
21.5. Without prejudice to the provisions laid down in other clauses of thеsе TOS, TroyCoLIVE shall be allowed to terminate this Agreement with or without notice with immediate effect if (i) you fail to pay any fees due; (ii) you breach these TOS, our Acceptable Use Policy or any other policy incorporated herein by reference, or any law and fail to cure that breach within 48 hours after receipt of written notice; (iii) you repeatedly infringe any policy incorporated herein or announced on our website; (iv) in case of any action and/or omission, failure and/or malfunction caused by you or your End User(s) which damage TroyCoLIVE servers and facilities or the servers and facilities of other network hosts or Internet users; (iv) you disclose false or misleading allegations that may negatively impact our reputation and (v) transfer all or part of your obligations and/or rights under this Agreement to third parties, without our prior written consent.
21.6. TroyCoLIVE may also terminate this Agreement by fifteen (15) days written notice as of the date of its receipt if (i) according to TroyCoLIVE’s reasonable opinion, you do not have basic technical knowledge to use the Service(s) without excessive ongoing technical support; (ii) TroyCoLIVE determines in good faith that continued provision of the Service has become unfeasible for technical, legal, regulatory, economic or any other material reason.
21.7. TroyCoLIVE may discontinue provisioning of certain Service(s) or terminate this Agreement, if a third party ceases to make components of the Service available to us.
21.8. It is important to understand that certain Services are bundled together. As a result, termination of the Services that provide hosting (Hosting Account) may result in immediate termination of multiple aspects of the Services. Upon termination any information, data, content and files stored by you on our server shall be deleted. We may keep backup data for terminated Services for up to sixty (60) days after termination and provide you with access to that data upon request and subject to availability. IP addresses and server space are recycled. It is your obligation to ensure that you arrange to migrate your website(s) or content off our servers and relinquish use of the IP address assigned to you in connection with the use of our Service(s) prior to termination. We have no obligation to provide any Service(s) to you including forward of email(s) following termination.
21.9. Model Withdrawal Form
If you wish to withdraw from this Agreement, please fill in the form below and send it back to us:
“To
SG Hosting Inc.
901 N. Pitt St Suite 325
Alexandria, 22314 VA
Email: legal@TroyCoLIVE.com
I/we (*) hereby withdraw from the agreement concluded by me/us (*) on the purchase of the following goods (*) / the rendering of the following services (*):
Ordered on(*) / received on (*):
Name(s) of the consumer(s):
Address of the consumer(s):
Signatures of the consumer(s) (only in case of notification on paper)
Date
(*) Delete as applicable.”
22.1. If for any reason you are not satisfied with our Services, you may send your complaint to us via: (1) email at compliance@TroyCoLIVE.com, or (2) opening a support ticket, chat through the HelpDesk in your User Area, or (3) registered mail to the following address:
SG Hosting Inc.
901 N. Pitt St Suite 325
Alexandria, 22314 VA
Email: legal@TroyCoLIVE.com
22.2. You may have the option to escalate a chat or support ticket to a Supervisor/Manager. You should include any tracking numbers or other references from your previous correspondence with us in order to be able to recover the full history of your complaint.
22.3. We will take care to review, investigate and respond to any complaint(s) fairly and thoroughly. All complaints must be in writing and clearly indicate the name and contact details of the complainant. If you have relevant documentary evidence to support your complaint, it should be еnclosed to the complaint. Evidence submitted should be as concise as possible and relevant to the complaint.
22.4. Complaints made over the phone shall be recorded, but wherever possible, should be confirmed in writing. Anonymous complaints will not be reviewed.
22.5. When you submit a complaint, TroyCoLIVE will acquire any and all personal data included in the complaint. In order to follow up on your complaint, TroyCoLIVE may need to provide your complaint enclosed with evidences to a person subject of the complaint and third parties as consultants and subcontractors. TroyCoLIVE shall process all personal data included in the complaints in compliance with our Privacy Policy.
22.6. TroyCoLIVE will review the complaint and will provide a written answer within 10 (ten) business days from receipt of the complaint. If the complaint requires more detailed investigation, you will receive an interim response describing what is being done to deal with the matter, and when you can expect a final reply.
23.1. In the event of any dispute, controversy or claim arising out of or related to this Agreement, you and TroyCoLIVE shall use reasonable effort to settle such disputes or differences. To this effect, we shall consult and negotiate each other with the aim to reach a solution satisfactory to each Party.
23.2. This agreement to arbitrate disputes includes all claims arising out of or relating to any aspect of these Terms, whether based in contract, tort, statute, fraud, misrepresentation, or any other legal theory, and regardless of whether a claim arises during or after the termination of these Terms. You acknowledge and agree that, by entering into this Agreement, you and TroyCoLIVE are waiving the right to a trial by jury. If you initiate litigation or any other proceeding against TroyCoLIVE in violation of agreed arbitration procedure, you agree to pay us reasonable costs and attorneys’ fees incurred in connection with our enforcement of the articles regulating the arbitration proceeding.
23.3. This Article 23.2. will not apply to domain name and intellectual property infringement disputes.
23.4. Despite the provisions of Article 23.2., nothing in thеsе TOS will be deemed to waive, preclude, or otherwise limit the right of either party to: (i) bring an individual action in the small claims court of your state or municipality if the action with within that court’s jurisdiction and is pending only in that court; (ii) pursue an enforcement action through the applicable federal, state, or local agency if that action is available; (iii) seek injunctive relief in a court of law; or (iv) to file suit in a court of law to address an intellectual property infringement claim.
23.5. Any arbitration between the Parties will be governed by the Consumer Arbitration Rules (collectively, “AAA Rules”) of the American Arbitration Association (“AAA”) as modified by these Terms, and will be administered by the AAA. The AAA Rules and filing forms are available online at www.adr.org, by calling the AAA at 1-800-778-7879, or by contacting TroyCoLIVE. If there is a discrepancy between AAA Rules and the rules set forth in these TOS, the rules specified in the TOS shall apply. You are entitled, in arbitration, seek any and all remedies otherwise available to you pursuant to federal, state or local law, as limited by Limitation of Liability agreed in Article 19 of these TOS. All disputes subject to arbitration shall be resolved by one neutral 1 arbitrator, and the Parties shall have opportunity to participate in the selection of the arbitrator. The arbitrator shall be bound by these TOS. The place of the arbitration at the AAA location shall be chosen by TroyCoLIVE ihe City of Alexandria, Virginia but if claim is for less than $10,000, you may choose whether the arbitration will be conducted: (i) solely on the basis of documents submitted to the arbitrator; (ii) through a non-appearance based telephone hearing; or (iii) by an in-person hearing in City of Alexandria, Virginia. English language shall be used as the written and spoken language for all matters connected with all references to arbitration. During the arbitration, the amount of any settlement offer made by each of the Parties will not be disclosed to the arbitrator until after the arbitrator makes a final decision and award, if any. The decision of the arbitrator shall be made in writing containing the essential findings and conclusion on which an award, if any is based. The decision of the arbitrator shall be final and binding on the Parties, save in the event of fraud, manifest mistake or failure by the arbitrator to disclose any conflict of interest. The decision of the arbitrator may be enforced by any court of competent jurisdiction and may be executed against the person and assets of the losing party in any jurisdiction. For the avoidance of doubt, such court includes any court that is authorized to make such an order by virtue of any treaty or legislation relating to the reciprocal enforcement of foreign arbitral awards or judgments.
23.6. A party who intends to initiate an arbitration procedure to settle the dispute must first notify the other Party by sending a written notice to legal@TroyCoLIVE.com or sending the notice by U.S Postal Service certified mail to S SG Hosting Inc. 901 N. Pitt St Suite 325, Alexandria, 22314 VA. The notice must contain full contact details: name, address and e-mail, the nature and basis of the dispute/claim and the relief requested. In the event of a dispute between the Parties arising out of or in connection with these TOS the Parties hereto shall use their best efforts to resolve the dispute in an amicable manner. If the Parties may not reach an agreement to resolve the dispute within 60 days following the receipt of the dispute notice, each Party may initiate an arbitration procedure under the Article 23.2 of these TOS. You may find a copy of a Demand for Arbitration at www.adr.org: Consumer Arbitration Rules. Any claim or dispute to which arbitration procedure apply must be filed within one year of the date you could first file the claim, unless your local law requires a longer time to file claims. If the claim or dispute is not filed within that time, then it’s permanently barred.
23.7. Both Parties agree that each of them may bring claims against the other Party only in an individual capacity and not as a plaintiff or class member in any purported class or representative proceeding. Further, unless both Parties agree otherwise, the arbitrator may not consolidate more than one person’s claims, and may not otherwise preside over any form of a representative or class proceeding.
23.8. The AAA rules will govern payment of filing fees and the AAA/s and arbitrator’s fees and expenses, unless the Parties agree on them.
23.9. If you do not wish to be bound by the arbitration clauses set forth in these TOS, you may send us an opt-out notice within thirty (30) days following the date you accept these TOS, unless a longer period is required by the applicable law. You may send your opt-out notice to us at legal@TroyCoLIVE or sending the notice by U.S Postal Service certified mail to SG Hosting Inc. 901 N. Pitt St Suite 325, Alexandria, 22314 VA. In the event you opt-out from the arbitration procedure, all other terms contained herein shall continue to apply, including those related to the applicable law and the court in which claims may be filled.
23.10. Both Parties agree that any disputes not subject to arbitration procedure and class action waiver provisions in this Article 23.2 (other than an individual action filed in small claims court) shall be brought before the U.S. District Court for the Eastern District of Virginia (District Court). If the District Court may not consider the dispute, all disputes shall be brought before the appropriate state court located in Alexandria, Virginia, and each party hereby irrevocably and unconditionally consents and submits to the exclusive jurisdiction of such courts for any such controversy. Any claim related to this Agreement, must be filed within one year of the date you could first file the claim, unless your local law requires a longer time to file claims. If the claim is not filed within that time, then it is permanently barred.
23.11. State law issues concerning construction, interpretation and performance of these TOS shall be governed by the substantive law of the Commonwealth of Virginia, excluding its choice of law rules. The United Nations Convention on Contracts for International Sale of Goods shall not apply.
23.12. Your local consumer laws may require some local laws to govern or give you the right to resolve disputes in another forum despite these TOS. If so, the provision regulating the choice of law and dispute resolution apply as much as your local consumer laws allow.
Each Party will comply with all applicable federal, state and local laws and regulations.
24.1. We will send notices to you using the contact information in your Customer Account. We may send you notices by email, a ticket in our HelpDesk or a notice posted in your User Area. We have no responsibility for notices not delivered due to outdated or inaccurate contact information.
24.2. Any notices to us related to issues governed by our Privacy Policy shall be addressed to us at legal@TroyCoLIVE.com or to our Data Protection Officer who can be reached at privacy@TroyCoLIVE.com.
24.3. Any notice related to copyright/trademark infringement shall be address to our Designated Agent:
TroyCoLIVE Compliance Team
SG Hosting Inc.
901 N. Pitt St Suite 325, Alexandria, 22314 VA, USA
Phone: +1.800.828.9231
Email: compliance@TroyCoLIVE.com
24.4. You may send us notices, requests, claims, consents, waivers, demands or any other communication related to this Agreement by (i) opening a ticket through the HelpDesk in your User Area; (ii) email; (iii) first-class mail; or (iv) internationally recognized courier.
Please address your notices to:
SG Hosting Inc.
901 N. Pitt St Suite 325
Alexandria, 22314 VA
Email: legal@TroyCoLIVE.com
24.4. Notice shall be considered duly given and effective: (i) if sent by ticket, on the date the ticket is recorded in the HelpDesk; (ii) if sent by email, on the day when received in the designated email account; (iii) if sent by first-class mail, on the date of delivery by the appropriate postal service; (iv) if sent by internationally recognized courier, on the date of delivery by such courier.
25.1. Export Laws. You must comply with all domestic and international export and import control laws and regulations that apply to the software and/or Services, and, in particular you will not use the Service to export or re-export data or software without all required United States and foreign government licenses. You assume full legal responsibility for any access and use of the Services from outside the United States, with full understanding that the same may constitute export of technology and technical data that may implicate export regulations and/or require export license. Should such a license be required, it shall be yours responsibility to obtain the same, and in case of any breach of this duty resulting in legal claims against TroyCoLIVE, you shall defend, indemnify and hold TroyCoLIVE harmless from all claims and damages arising therefrom.
25.2. Waiver. If at any time during the term of this Agreement we fail to insist upon strict performance of any of your obligations under this Agreement, or if we fail to exercise any of the rights or remedies to which we are entitled under this Agreement, this shall not constitute a waiver of such rights or remedies and shall not relieve you from compliance with such obligations. A waiver by us of any default shall not constitute a waiver of any subsequent default. No waiver by us of any term of this Agreement shall be effective unless it is expressly stated to be a waiver and is communicated by you in writing.
25.3. Assignment. Successors. You may not assign or transfer this Agreement or any of its rights or obligations hereunder, without our prior explicit written consent. Any assignments in violation of the foregoing shall be null and void and of no force or effect. You acknowledge and agree that TroyCoLIVE may assign its rights and obligations under this Agreement, and may engage subcontractors in performing its duties and exercising its rights hereunder, without your further explicit consent. This Agreement shall be binding upon and shall inure to the benefit of the parties hereto and their respective successors and permitted assignees.
25.4. Independent Contractors. This Agreement does not create any agency, partnership, joint venture, or franchise relationship. Neither party has the right or authority to, and shall not, assume or create any obligation of any nature whatsoever on behalf of the other party or bind the other party in any respect whatsoever.
25.5. Severability. If any one or more of the provisions contained herein or of the applicable policies of TroyCoLIVE shall, for any reason, be held invalid, illegal or unenforceable in any respect by a court of competent jurisdiction, such provision(s) will be changed and interpreted to accomplish the objectives of the provision to the greatest extent possible under any applicable law. You further agree and understand that the validity of or enforceability of any other provision (or of such provision, to the extent its application is not invalid or unenforceable) of this Agreement and the policies announced on our site shall not be affected.
25.6. Force Majeure. With the exception of Customer’s payment obligations, neither Party will be responsible for any interruption, delay or other failure to fulfill any obligation under this Agreement resulting from acts of God, storms, flood, riots, fire, acts of civil or military authority, war, terrorism, epidemics, pandemics, shortage of power, telecommunications or internet service interruptions or other acts or causes reasonably beyond the control of that Party.
In the event of an occurrence of a Force Majeure, the Party whose performance is affected thereby shall give to the other Party notice of suspension as soon as reasonably practicable, stating the date and extent of such suspension and the cause thereof, and such Party shall resume the performance of such obligations as soon as reasonably practicable upon the cessation of such Force Majeure and its effects.
During a Force Majeure event, you shall be entitled to seek an alternative hosting provider at your own cost with respect to the affected Services. If a Force Majeure event continues to exist for more than twenty (20) consecutive days, each Party shall be entitled to terminate the Agreement for affected Services.
TroyCoLIVE may modify these TOS at any time with immediate effect. We will inform you about modifications to the TOS by email and via notices in your User Area. TroyCoLIVE shall not be liable for your failure to receive an email notification due to an inaccurate email address.
If you do not agree to the changes in the TOS, you must suspend use of the Services and terminate this Agreement within ten (10) business days of receiving notification from us.
To the extent permitted by applicable law, continued use of the Services after you have received a notice for changes to the TOS will be considered as acceptance of such changes and in force in the agreement between the user and TroyCoLIVE, unless you have sent us a termination notice.
Where the change in Terms is required by law or related to the addition of a new service, extra functionality to the existing Service(s) or any other change which neither reduces your rights nor increases your responsibilities, the TOS will be changed without prior notice to you and shall have immediate effect.
No clarification or explanation of the Terms provided by the Parties will have the power to modify the provisions of these TOS.
Articles 5, 11.10., 15.6., 18, 19, 20, 23, 24, 25.5 and 27 shall survive the termination of this Agreement.
Thеsе TOS incorporated by reference the Terms of Service of the third-party Service providers listed below.
|
body {
font-family: Arial, sans-serif;
}
.widget-container {
max-width: 600px;
margin: 0 auto;
padding: 20px;
background-color: #f0f0f0;
}
h2 {
text-align: center;
}
form label {
display: inline-block;
width: 80px;
font-weight: bold;
}
form input,
form textarea {
width: 300px;
padding: 5px;
margin-bottom: 10px;
}
button {
display: block;
width: 100%;
padding: 10px;
font-size: 16px;
background-color: #4CAF50;
color: white;
border: none;
cursor: pointer;
}
.mailto-link,
.buttons button {
display: inline-block;
}
#generatedLink {
margin-top: 20px;
}
.generated-link a {
display: block;
padding: 10px;
font-size: 16px;
background-color: #007BFF;
color: white;
text-align: center;
text-decoration: none;
}
TITLE | DURATION | CHANNEL | SCAN QR | URL | WORKFLOWS | DESCRIPTION |
---|---|---|---|---|---|---|
Report by Phone | 2 min | Phone | ![]() | |||
Phone Support | 6 min | Phone Support | ||||
Chat Support | 3 min | Messenger (meta) | ![]() | Get Support | ||
Webex Breakout | 15 min | Webex | ![]() | Get Support | ||
ManagedPRO Support | 30 min | Webex | ![]() | Get Support | ||
ManagedPRO Support | 60 min | Webex | ![]() | Get Support | ||
ManagedPRO Support | 120 min | Webex | ![]() | Get Support |
This is front side content.
This is back side content.
[pum_registration_form] |